summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/ssh-keygen.c
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2019-01-23 04:51:03 +0000
committerDamien Miller <djm@cvs.openbsd.org>2019-01-23 04:51:03 +0000
commitbf2fa2fc8539267b544d750904ed69a2cf93388e (patch)
treec8a01c9e14a16399a5240747fdf7d59ac85afc96 /usr.bin/ssh/ssh-keygen.c
parentc62ef73e2e24c7d0961283041cb6b4d1096f24df (diff)
allow auto-incrementing certificate serial number for certs signed
in a single commandline.
Diffstat (limited to 'usr.bin/ssh/ssh-keygen.c')
-rw-r--r--usr.bin/ssh/ssh-keygen.c17
1 files changed, 12 insertions, 5 deletions
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index ef695b482a4..a2d8cab0bbb 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.325 2019/01/23 04:16:22 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.326 2019/01/23 04:51:02 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1624,7 +1624,8 @@ agent_signer(const struct sshkey *key, u_char **sigp, size_t *lenp,
static void
do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
- unsigned long long cert_serial, int argc, char **argv)
+ unsigned long long cert_serial, int cert_serial_autoinc,
+ int argc, char **argv)
{
int r, i, fd, found, agent_fd = -1;
u_int n;
@@ -1764,6 +1765,8 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
sshkey_free(public);
free(out);
+ if (cert_serial_autoinc)
+ cert_serial++;
}
#ifdef ENABLE_PKCS11
pkcs11_terminate();
@@ -2395,7 +2398,7 @@ main(int argc, char **argv)
int find_host = 0, delete_host = 0, hash_hosts = 0;
int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
int prefer_agent = 0, convert_to = 0, convert_from = 0;
- int print_public = 0, print_generic = 0;
+ int print_public = 0, print_generic = 0, cert_serial_autoinc = 0;
unsigned long long cert_serial = 0;
char *identity_comment = NULL, *ca_key_path = NULL;
u_int bits = 0;
@@ -2588,6 +2591,10 @@ main(int argc, char **argv)
break;
case 'z':
errno = 0;
+ if (*optarg == '+') {
+ cert_serial_autoinc = 1;
+ optarg++;
+ }
cert_serial = strtoull(optarg, &ep, 10);
if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
(errno == ERANGE && cert_serial == ULLONG_MAX))
@@ -2680,8 +2687,8 @@ main(int argc, char **argv)
if (ca_key_path != NULL) {
if (cert_key_id == NULL)
fatal("Must specify key id (-I) when certifying");
- do_ca_sign(pw, ca_key_path, prefer_agent, cert_serial,
- argc, argv);
+ do_ca_sign(pw, ca_key_path, prefer_agent,
+ cert_serial, cert_serial_autoinc, argc, argv);
}
if (show_cert)
do_show_cert(pw);