Add a --serial parameter to yubico-piv-tool.
Allows the serial number of self signed certificates to be configured.
This commit is contained in:
@@ -781,7 +781,7 @@ request_out:
|
||||
|
||||
static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_format,
|
||||
const char *input_file_name, const char *slot, char *subject, enum enum_hash hash,
|
||||
const int validDays, const char *output_file_name) {
|
||||
const int serial, const int validDays, const char *output_file_name) {
|
||||
FILE *input_file = NULL;
|
||||
FILE *output_file = NULL;
|
||||
bool ret = false;
|
||||
@@ -847,7 +847,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
|
||||
fprintf(stderr, "Failed to set the certificate public key.\n");
|
||||
goto selfsign_out;
|
||||
}
|
||||
if(!ASN1_INTEGER_set(X509_get_serialNumber(x509), 1)) {
|
||||
if(!ASN1_INTEGER_set(X509_get_serialNumber(x509), serial)) {
|
||||
fprintf(stderr, "Failed to set certificate serial.\n");
|
||||
goto selfsign_out;
|
||||
}
|
||||
@@ -1986,7 +1986,8 @@ int main(int argc, char *argv[]) {
|
||||
case action_arg_selfsignMINUS_certificate:
|
||||
if(selfsign_certificate(state, args_info.key_format_arg, args_info.input_arg,
|
||||
args_info.slot_orig, args_info.subject_arg, args_info.hash_arg,
|
||||
args_info.valid_days_arg, args_info.output_arg) == false) {
|
||||
args_info.serial_arg, args_info.valid_days_arg,
|
||||
args_info.output_arg) == false) {
|
||||
ret = EXIT_FAILURE;
|
||||
} else {
|
||||
fprintf(stderr, "Successfully generated a new self signed certificate.\n");
|
||||
|
||||
Reference in New Issue
Block a user