sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-03 00:00:24 -04:00
Code Issues Projects Releases Wiki Activity

pki: Allow overriding EKU flags from certificate request via command line

Browse Source 
The flags encoded in the PKCS#10 structure (or derived from the encoded
profile name) might not be appropriate in some instances. This allows
overriding them without having to issue a new certificate request.
This commit is contained in:
Tobias Brunner 2023-02-23 16:54:51 +01:00
parent 350101abad
commit 8325eeff06
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/pki/commands/issue.c
View File

@ -482,8 +482,11 @@ static int issue()
}
req = (pkcs10_t*)cert_req;
/* Add Extended Key Usage (EKU) flags */
flags |= req->get_flags(req);
/* Add Extended Key Usage (EKU) flags if not overridden */
if (!flags)
{
flags = req->get_flags(req);
}
/* Add subjectAltNames from PKCS#10 certificate request */
enumerator = req->create_subjectAltName_enumerator(req);