Diffstat (limited to 'security/nss/cmd/certutil')
-rw-r--r-- | security/nss/cmd/certutil/certext.c | 50 | ||||
-rw-r--r-- | security/nss/cmd/certutil/certutil.c | 9 |
2 files changed, 56 insertions, 3 deletions
diff --git a/security/nss/cmd/certutil/certext.c b/security/nss/cmd/certutil/certext.c index 0be3eb120..501608c85 100644 --- a/security/nss/cmd/certutil/certext.c +++ b/security/nss/cmd/certutil/certext.c @@ -497,6 +497,13 @@ static const char *const "ocspResponder", "stepUp", "msTrustListSigning", + "x509Any", + "ipsecIKE", + "ipsecIKEEnd", + "ipsecIKEIntermediate", + "ipsecEnd", + "ipsecTunnel", + "ipsecUser", NULL }; static SECStatus @@ -517,6 +524,10 @@ AddExtKeyUsage(void *extHandle, const char *userSuppliedValue) while (1) { if (!userSuppliedValue) { + /* + * none of the 'new' extended key usage options work with the prompted menu. This is so + * old scripts can continue to work. + */ if (PrintChoicesAndGetAnswer( "\t\t0 - Server Auth\n" "\t\t1 - Client Auth\n" @@ -572,6 +583,45 @@ AddExtKeyUsage(void *extHandle, const char *userSuppliedValue) case 7: rv = AddOidToSequence(os, SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING); break; + /* + * These new usages can only be added explicitly by the userSuppliedValues. This allows old + * scripts which used '>7' as an exit value to continue to work. + */ + case 8: + if (!userSuppliedValue) + goto endloop; + rv = AddOidToSequence(os, SEC_OID_X509_ANY_EXT_KEY_USAGE); + break; + case 9: + if (!userSuppliedValue) + goto endloop; + rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_IPSEC_IKE); + break; + case 10: + if (!userSuppliedValue) + goto endloop; + rv = AddOidToSequence(os, SEC_OID_IPSEC_IKE_END); + break; + case 11: + if (!userSuppliedValue) + goto endloop; + rv = AddOidToSequence(os, SEC_OID_IPSEC_IKE_INTERMEDIATE); + break; + case 12: + if (!userSuppliedValue) + goto endloop; + rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_IPSEC_END); + break; + case 13: + if (!userSuppliedValue) + goto endloop; + rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_IPSEC_TUNNEL); + break; + case 14: + if (!userSuppliedValue) + goto endloop; + rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_IPSEC_USER); + break; default: goto endloop; } 
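Review bot: The seven keywords appended to the table ahead of `NULL` have no comment saying that their position is significant. The cases 8 to 14 added further down in AddExtKeyUsage follow the same order (`"x509Any"` is the ninth entry and case 8 adds SEC_OID_X509_ANY_EXT_KEY_USAGE), so the table index presumably feeds that switch, although the lookup itself is outside the hunk. I would add above the array `/* Index in this table is the case number in AddExtKeyUsage(); append only, and keep both in step. */` so that a later insertion in the middle does not silently issue certificates with the wrong usage OID.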
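Review bot: Case 8 lets `-6 x509Any` place anyExtendedKeyUsage in the certificate, which removes the purpose restriction for verifiers that honour that OID, and neither the new comment nor the code says so. RFC 5280 section 4.2.1.12 also says conforming CAs should not mark the extension critical when anyExtendedKeyUsage is present, while the help text in certutil.c still offers `critical` next to the new keyword. Whether AddExtKeyUsage rejects or warns on that combination is not visible in this hunk, as the function continues outside it. I would at least add on the case `/* anyExtendedKeyUsage: no purpose restriction; RFC 5280 4.2.1.12 says not to mark the extension critical with it */`. As a matter of style, the seven identical `if (!userSuppliedValue) goto endloop;` guards could be a single check on the selected value placed ahead of the switch.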
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index df02e4439..16a9bf16e 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -1362,8 +1362,11 @@ luC(enum usage_level ul, const char *command) "%-20s Create extended key usage extension. Possible keywords:\n" "%-20s \"serverAuth\", \"clientAuth\",\"codeSigning\",\n" "%-20s \"emailProtection\", \"timeStamp\",\"ocspResponder\",\n" - "%-20s \"stepUp\", \"msTrustListSign\", \"critical\"\n", - " -6 | --extKeyUsage keyword,keyword,...", "", "", "", ""); + "%-20s \"stepUp\", \"msTrustListSign\", \"x509Any\",\n" + "%-20s \"ipsecIKE\", \"ipsecIKEEnd\", \"ipsecIKEIntermediate\",\n" + "%-20s \"ipsecEnd\", \"ipsecTunnel\", \"ipsecUser\",\n" + "%-20s \"critical\"\n", + " -6 | --extKeyUsage keyword,keyword,...", "", "", "", "", "", "", ""); FPS "%-20s Create an email subject alt name extension\n", " -7 emailAddrs"); FPS "%-20s Create an dns subject alt name extension\n", @@ -3120,7 +3123,7 @@ certutil_main(int argc, char **argv, PRBool initialize) PR_fprintf(PR_STDERR, "%s -%c: specify a nickname (-n) or\n" " a key ID (-k).\n", - commandToRun, progName); + progName, commandToRun); return 255; } |
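Review bot: The rewritten help line in luC still spells the keyword `\"msTrustListSign\"`, while the keyword table in certext.c, shown in the first hunk of this commit, holds `"msTrustListSigning"`. Whether the option parser accepts a prefix is not visible here, so either confirm that it does or change the help to `\"msTrustListSigning\"` while this line is being edited, because a user who copies the documented keyword may otherwise get a certificate without the intended usage. The format string starts above the hunk, so the match between the `%-20s` specifiers and the eight arguments cannot be checked fully from these lines; seven specifiers are visible.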