summaryrefslogtreecommitdiffstats
path: root/usr.sbin/ikectl/ikeca.c
diff options
context:
space:
mode:
authorjsg <jsg@openbsd.org>2015-11-02 10:27:44 +0000
committerjsg <jsg@openbsd.org>2015-11-02 10:27:44 +0000
commitab7171b1b7ff997a423930358f9c335e1455e68f (patch)
treeea9594ef2177924a20494cbaa570668089345ed4 /usr.sbin/ikectl/ikeca.c
parentuse SOCK_NONBLOCK instead of fcntl (diff)
downloadwireguard-openbsd-ab7171b1b7ff997a423930358f9c335e1455e68f.tar.xz
wireguard-openbsd-ab7171b1b7ff997a423930358f9c335e1455e68f.zip
Accept an ocsp option when creating certificates to set the extended
key usage for OCSP signing. Requested by and ok reyk@
Diffstat (limited to 'usr.sbin/ikectl/ikeca.c')
-rw-r--r--usr.sbin/ikectl/ikeca.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c
index 8ecfd3e2d54..90ef087e5c3 100644
--- a/usr.sbin/ikectl/ikeca.c
+++ b/usr.sbin/ikectl/ikeca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikeca.c,v 1.37 2015/08/19 21:07:23 reyk Exp $ */
+/* $OpenBSD: ikeca.c,v 1.38 2015/11/02 10:27:44 jsg Exp $ */
/*
* Copyright (c) 2010 Jonathan Gray <jsg@openbsd.org>
@@ -273,6 +273,11 @@ ca_certificate(struct ca *ca, char *keyname, int type, int action)
ca_setenv("$ENV::CERTUSAGE",
"digitalSignature,keyAgreement");
break;
+ case CA_OCSP:
+ ca_setenv("$ENV::EXTCERTUSAGE", "OCSPSigning");
+ ca_setenv("$ENV::CERTUSAGE",
+ "nonRepudiation,digitalSignature,keyEncipherment");
+ break;
default:
break;
}
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.