hxtool: add cert type: https-negotiate-server
authorNicolas Williams <nico@twosigma.com>
Tue, 3 Dec 2019 06:13:08 +0000 (00:13 -0600)
committerNicolas Williams <nico@twosigma.com>
Wed, 4 Dec 2019 19:40:28 +0000 (13:40 -0600)
lib/hx509/hxtool.c

index d55035d28ad970db65d227d5f25b666855101c72..c934e5a148b2ea5860e0150c16011098baabf67a 100644 (file)
@@ -1674,6 +1674,16 @@ https_server(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt
     return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_serverAuth);
 }
 
+static int
+https_negotiate_server(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt)
+{
+    int ret = hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkekuoid);
+    if (ret == 0)
+        ret = hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_serverAuth);
+    opt->pkinit++;
+    return ret;
+}
+
 static int
 https_client(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt)
 {
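Review bot: `https_negotiate_server` has no comment explaining why a TLS server type adds `asn1_oid_id_pkekuoid` next to `asn1_oid_id_pkix_kp_serverAuth` and bumps `opt->pkinit`. The name and the counter suggest (the OID definition is not visible here) that this is a PKINIT EKU, which would mean the web server's private key is also accepted for PKINIT, so a compromise of that key would reach beyond TLS impersonation. I would put a comment above the function along the lines of `/* TLS server cert that also carries the PKINIT EKU (id_pkekuoid): the same key is valid for serverAuth and for PKINIT, and the type counts as a PK-INIT type. */`, once the intent is confirmed. Separately, `opt->pkinit++` runs even when an `hx509_ca_tbs_add_eku` call has failed; guarding it with `if (ret == 0) opt->pkinit++;` keeps the counter untouched on the error path.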
@@ -1747,6 +1757,11 @@ struct {
        "Certificates used for Kerberos PK-INIT KDC certificates",
        pkinit_kdc
     },
+    {
+       "https-negotiate-server",
+       "Used for HTTPS server and many other TLS server certificate types",
+       https_negotiate_server
+    },
     {
        "peap-server",
        "Certificate used for Radius PEAP (Protected EAP)",
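Review bot: The help text for `"https-negotiate-server"` reads as a generic TLS server description and does not say that this type also adds `asn1_oid_id_pkekuoid` and counts as a PK-INIT type, as `https_negotiate_server` in the first hunk shows. Someone choosing a type from the listing cannot tell that the issued certificate is usable for more than TLS server authentication. A string such as `"HTTPS server certificate that also carries the PKINIT EKU (for Negotiate)"` would make the additional key usage visible at issuance time. The table's opening `struct {` and its other entries lie outside the hunk.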