[Help-gnutls] Re: Two organizational units
Simon Josefsson
jas at extundo.com
Mon Sep 4 16:09:42 CEST 2006
Sascha Ziemann <sascha.ziemann at secunet.com> writes:
> Hi,
>
> I would like to generate a certificate with more than one OU field in
> the subject. When I try to write two "unit=" entries in the template
> file, I get an error. What is the right way to do that?
Hi! I don't think that is supported right now. Could you test this
patch?
/Simon
Index: certtool-cfg.c
===================================================================
RCS file: /cvs/gnutls/gnutls/src/certtool-cfg.c,v
retrieving revision 2.15
diff -u -p -r2.15 certtool-cfg.c
--- certtool-cfg.c 15 May 2006 14:29:45 -0000 2.15
+++ certtool-cfg.c 4 Sep 2006 14:07:10 -0000
@@ -40,7 +40,7 @@ extern int batch;
typedef struct _cfg_ctx
{
char *organization;
- char *unit;
+ char **unit;
char *locality;
char *state;
char *cn;
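Review bot: Changing `unit` from `char *` to `char **` changes the meaning of every read of `cfg.unit`, and this patch only updates the two batch-mode readers in get_unit_crt_set and get_unit_crq_set. Any other use in certtool-cfg.c that still treats the field as a string would compile with at most a pointer-type warning and then interpret pointer bytes as text, so the remaining uses should be checked before this goes in. The new loops also rely on the array ending in a NULL entry, which is worth recording at the field: `char **unit; /* NULL-terminated array of OU strings, or NULL if none given */`. The struct continues past the end of the hunk.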
@@ -93,7 +93,7 @@ template_parse (const char *template)
struct cfg_option options[] = {
{NULL, '\0', "organization", CFG_STR, (void *) &cfg.organization,
0},
- {NULL, '\0', "unit", CFG_STR, (void *) &cfg.unit, 0},
+ {NULL, '\0', "unit", CFG_STR + CFG_MULTI, (void *) &cfg.unit, 0},
{NULL, '\0', "locality", CFG_STR, (void *) &cfg.locality, 0},
{NULL, '\0', "state", CFG_STR, (void *) &cfg.state, 0},
{NULL, '\0', "cn", CFG_STR, (void *) &cfg.cn, 0},
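Review bot: The `(void *) &cfg.unit` cast on the changed entry hides the storage type from the compiler, so nothing verifies that `CFG_STR + CFG_MULTI` and the `char **` field stay in step. If one is changed later without the other, the parser would presumably store a pointer array where a string is expected, or the reverse, with no diagnostic. A short comment on the entry makes the coupling visible: `/* CFG_MULTI: parser stores a NULL-terminated char ** here */`. The options array continues outside the hunk.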
@@ -366,20 +366,24 @@ void
get_unit_crt_set (gnutls_x509_crt crt)
{
int ret;
+ size_t i;
if (batch)
{
if (!cfg.unit)
return;
- ret =
- gnutls_x509_crt_set_dn_by_oid (crt,
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
- 0, cfg.unit, strlen (cfg.unit));
- if (ret < 0)
+ for (i = 0; cfg.unit[i] != NULL; i++)
{
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
+ ret =
+ gnutls_x509_crt_set_dn_by_oid (crt,
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
+ 0, cfg.unit[i], strlen (cfg.unit[i]));
+ if (ret < 0)
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
}
else
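Review bot: With several `unit=` entries, the message `set_dn: %s` inside the new loop no longer says which value was rejected, which makes a bad template hard to debug. Including the index would fix that: `fprintf (stderr, "set_dn (unit %lu): %s\n", (unsigned long) i, gnutls_strerror (ret));`. The same line in the get_unit_crq_set hunk needs the same change. The loop also passes each entry on without looking at its length, so an empty `unit=` value, if the parser yields one, reaches the library as a zero-length OU; skipping or rejecting empty entries here may be worth considering. The function's `else` branch lies outside the hunk.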
@@ -892,20 +896,24 @@ void
get_unit_crq_set (gnutls_x509_crq crq)
{
int ret;
+ size_t i;
if (batch)
{
if (!cfg.unit)
return;
- ret =
- gnutls_x509_crq_set_dn_by_oid (crq,
- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
- 0, cfg.unit, strlen (cfg.unit));
- if (ret < 0)
+ for (i = 0; cfg.unit[i] != NULL; i++)
{
- fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
- exit (1);
+ ret =
+ gnutls_x509_crq_set_dn_by_oid (crq,
+ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
+ 0, cfg.unit[i], strlen (cfg.unit[i]));
+ if (ret < 0)
+ {
+ fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
}
}
else
Index: certtool-cfg.h
===================================================================
RCS file: /cvs/gnutls/gnutls/src/certtool-cfg.h,v
retrieving revision 2.8
diff -u -p -r2.8 certtool-cfg.h
--- certtool-cfg.h 7 Nov 2005 23:28:05 -0000 2.8
+++ certtool-cfg.h 4 Sep 2006 14:07:10 -0000
@@ -1,6 +1,6 @@
#include <gnutls/x509.h>
-extern char *organization, *unit, *locality, *state;
+extern char *organization, **unit, *locality, *state;
extern char *cn, *challenge_password, *password, *pkcs9_email, *country;
extern char *dns_name, *email, *crl_dist_points, *pkcs12_key_name;
extern int serial, expiration_days, ca, tls_www_client, tls_www_server,
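Review bot: Mixing `*` and `**` declarators in one `extern char` declaration makes it easy to overlook that `unit` is now a different type from its neighbours. I would split it out: `extern char *organization, *locality, *state;` followed by `extern char **unit;`. The .c hunks store the value in `cfg.unit` rather than a global, so it may also be worth confirming that these externs are still referenced anywhere.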