author | jsg <jsg@openbsd.org> | 2015-11-02 10:27:44 +0000 |
---|---|---|
committer | jsg <jsg@openbsd.org> | 2015-11-02 10:27:44 +0000 |
commit | ab7171b1b7ff997a423930358f9c335e1455e68f (patch) | |
tree | ea9594ef2177924a20494cbaa570668089345ed4 /usr.sbin/ikectl/ikeca.c | |
parent | use SOCK_NONBLOCK instead of fcntl (diff) | |
Accept an ocsp option when creating certificates to set the extended
key usage for OCSP signing.
Requested by and ok reyk@
Diffstat (limited to 'usr.sbin/ikectl/ikeca.c')
-rw-r--r-- | usr.sbin/ikectl/ikeca.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c index 8ecfd3e2d54..90ef087e5c3 100644 --- a/usr.sbin/ikectl/ikeca.c +++ b/usr.sbin/ikectl/ikeca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikeca.c,v 1.37 2015/08/19 21:07:23 reyk Exp $ */ +/* $OpenBSD: ikeca.c,v 1.38 2015/11/02 10:27:44 jsg Exp $ */ /* * Copyright (c) 2010 Jonathan Gray <jsg@openbsd.org> @@ -273,6 +273,11 @@ ca_certificate(struct ca *ca, char *keyname, int type, int action) ca_setenv("$ENV::CERTUSAGE", "digitalSignature,keyAgreement"); break; + case CA_OCSP: + ca_setenv("$ENV::EXTCERTUSAGE", "OCSPSigning"); + ca_setenv("$ENV::CERTUSAGE", + "nonRepudiation,digitalSignature,keyEncipherment"); + break; default: break; } |
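Review bot: in the new `case CA_OCSP:` branch of ca_certificate(), CERTUSAGE is set to "nonRepudiation,digitalSignature,keyEncipherment", which is wider than an OCSP signing certificate needs. The responder key only signs responses, so digitalSignature is the usage that matters, while keyEncipherment permits the same key to be used for key transport. Consider narrowing the value to "digitalSignature" (keeping nonRepudiation only if there is a stated reason), or add a short comment in the case explaining why the wider set is wanted. The diffstat shown is limited to ikeca.c, so please also confirm that the ocsp option named in the commit message is covered in the ikectl manual page.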