[gnutls-devel] [PATCH 2/2] enable --outder for certtool --dh-info

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Nov 8 00:20:40 CET 2013


"certtool --dh-info --outder" produces PEM-encoded output without this
patch.
---
 src/certtool-args.def |  2 +-
 src/certtool-common.c | 14 +++++++++++---
 src/certtool-common.h |  1 +
 src/certtool.c        |  1 +
 4 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/certtool-args.def b/src/certtool-args.def
index 30cfb7d..36f0629 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -324,7 +324,7 @@ flag = {
 
 flag = {
     name      = outder;
-    descrip   = "Use DER format for output certificates and private keys";
+    descrip   = "Use DER format for output certificates, private keys, and DH parameters";
     disabled;
     disable   = "no";
     doc       = "The output will be in DER or RAW format.";
diff --git a/src/certtool-common.c b/src/certtool-common.c
index e51a6c8..2b0c4c7 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -912,18 +912,26 @@ void dh_info (FILE* infile, FILE* outfile, common_info_st * ci)
       exit (1);
     }
     
-  print_dh_info (outfile, &p, &g, q_bits, ci->cprint);
+  if (ci->outcert_format == GNUTLS_X509_FMT_PEM)
+    print_dh_info (outfile, &p, &g, q_bits, ci->cprint);
 
   if (!ci->cprint)
     {                             /* generate a PKCS#3 structure */
     size_t len = buffer_size;
 
-    ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM,
+    ret = gnutls_dh_params_export_pkcs3 (dh_params, ci->outcert_format,
                                          buffer, &len);
 
     if (ret == 0)
       {
-        fprintf (outfile, "\n%s", buffer);
+        if (ci->outcert_format == GNUTLS_X509_FMT_PEM)
+          {
+            fprintf (outfile, "\n%s", buffer);
+          }
+        else
+          {
+            fwrite (buffer, 1, len, outfile);
+          }
       }
     else
       {
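Review bot: The DER branch calls `fwrite (buffer, 1, len, outfile)` and discards the result, so a short or failed write leaves truncated DH parameters in the output while the tool still exits successfully; compare the return value with `len` and fail like the surrounding error paths, e.g. `if (fwrite (buffer, 1, len, outfile) != len) { fprintf (stderr, "write error\n"); exit (1); }`. Separately, when the format is DER and `ci->cprint` is set, both the `print_dh_info` call and the export block are skipped, so the command emits nothing and gives no diagnostic; rejecting that combination with an error message would be clearer. dh_info starts and ends outside this hunk, so what follows the `else` branch is not visible here.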
diff --git a/src/certtool-common.h b/src/certtool-common.h
index 556a3cc..35d1c2f 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -39,6 +39,7 @@ typedef struct common_info
   const char *pubkey;
   int pkcs8;
   int incert_format;
+  int outcert_format;
   const char *cert;
 
   const char *request;
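Review bot: The new `outcert_format` field carries no comment, and its zero value is `GNUTLS_X509_FMT_DER`, so any `common_info_st` that is zeroed and not filled in by cmd_parser would make dh_info emit raw DER instead of PEM. Whether such a caller exists is not visible in this patch. I would document the field, e.g. `int outcert_format; /* gnutls_x509_crt_fmt_t; 0 means DER, so set it explicitly */`. The struct definition continues outside the hunk.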
diff --git a/src/certtool.c b/src/certtool.c
index 4dc6dea..1e0aab2 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1147,6 +1147,7 @@ cmd_parser (int argc, char **argv)
 
   cinfo.pkcs8 = HAVE_OPT(PKCS8);
   cinfo.incert_format = incert_format;
+  cinfo.outcert_format = outcert_format;
 
   if (HAVE_OPT(LOAD_CERTIFICATE))
     cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
-- 
1.8.4.rc3



