author | Reyk Floeter <reyk@cvs.openbsd.org> | 2010-10-08 07:45:07 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2010-10-08 07:45:07 +0000 |
commit | adad67bc97fd12b0163395230d60e75a7f02322e (patch) | |
tree | 29c25f79aae26f0417d81f4f5096eaa1feb86aa0 /usr.sbin/ikectl | |
parent | a42bc1b250fb62b11837c0bc156ce58702c040f7 (diff) |
Allow to show certificate details (show ca x cert [y]).
Diffstat (limited to 'usr.sbin/ikectl')
-rw-r--r-- | usr.sbin/ikectl/ikeca.c | 18 | ||||
-rw-r--r-- | usr.sbin/ikectl/ikectl.8 | 14 | ||||
-rw-r--r-- | usr.sbin/ikectl/ikectl.c | 4 | ||||
-rw-r--r-- | usr.sbin/ikectl/parser.c | 14 | ||||
-rw-r--r-- | usr.sbin/ikectl/parser.h | 4 |
5 files changed, 40 insertions, 14 deletions
diff --git a/usr.sbin/ikectl/ikeca.c b/usr.sbin/ikectl/ikeca.c
index 616292866b6..9ac58005d04 100644
--- a/usr.sbin/ikectl/ikeca.c
+++ b/usr.sbin/ikectl/ikeca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikeca.c,v 1.14 2010/10/07 15:17:38 jsg Exp $ */
+/* $OpenBSD: ikeca.c,v 1.15 2010/10/08 07:45:06 reyk Exp $ */
 /* $vantronix: ikeca.c,v 1.13 2010/06/03 15:52:52 reyk Exp $ */
 /*
@@ -59,7 +59,6 @@ struct ca {
 int ca_sign(struct ca *, char *, int, char *);
 int ca_request(struct ca *, char *);
 int ca_newpass(char *, char *);
-int ca_show_certs(struct ca *);
 char * ca_readpass(char *, size_t *);
 int fcopy(char *, char *, mode_t);
 int rm_dir(char *);
@@ -366,13 +365,26 @@ ca_install(struct ca *ca)
 }
 int
-ca_show_certs(struct ca *ca)
+ca_show_certs(struct ca *ca, char *name)
 {
 DIR *dir;
 struct dirent *de;
 char cmd[PATH_MAX * 2];
 char path[PATH_MAX];
 char *p;
+ struct stat st;
+
+ if (name != NULL) {
+ snprintf(path, sizeof(path), "%s/%s.crt",
+ ca->sslpath, name);
+ if (stat(path, &st) != 0)
+ err(1, "could not open file %s.crt", name);
+ snprintf(cmd, sizeof(cmd), "%s x509 -text"
+ " -in %s", PATH_OPENSSL, path);
+ system(cmd);
+ printf("\n");
+ return (0);
+ }
 if ((dir = opendir(ca->sslpath)) == NULL)
 err(1, "could not open directory %s", ca->sslpath);
diff --git a/usr.sbin/ikectl/ikectl.8 b/usr.sbin/ikectl/ikectl.8
index 5fe9c178c74..305fd930c01 100644
--- a/usr.sbin/ikectl/ikectl.8
+++ b/usr.sbin/ikectl/ikectl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ikectl.8,v 1.12 2010/10/07 13:30:50 reyk Exp $
+.\" $OpenBSD: ikectl.8,v 1.13 2010/10/08 07:45:06 reyk Exp $
 .\" $vantronix: ikectl.8,v 1.11 2010/06/03 15:55:51 reyk Exp $
 .\"
 .\" Copyright (c) 2007, 2008, 2009, 2010 Reyk Floeter <reyk@vantronix.net>
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 7 2010 $
+.Dd $Mdocdate: October 8 2010 $
 .Dt IKECTL 8
 .Os
 .Sh NAME
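Review bot: In the new `name != NULL` branch of ca_show_certs() in ikeca.c, `name` is formatted into `path` and then into a command line passed to `system()` with no quoting or validation visible in this hunk, so a name containing `/`, `..` or shell metacharacters would change which file is read or what the shell executes. The parser hunk in this commit limits the argument to ADDRESS and FQDN tokens, but how strictly those are matched is not shown, so the function should not rely on it: reject unexpected characters before building the path, starting with `if (strchr(name, '/') != NULL) errx(1, "invalid certificate name");`, or better, run openssl with an explicit argument vector (fork/execv) instead of `system()`. Both `snprintf()` results are unchecked, so a long `ca->sslpath` can silently truncate `path` or `cmd`; compare each return value with the buffer size and fail on truncation. The result of `system()` is also ignored, so a failed openssl run still returns 0 to the caller. The remainder of ca_show_certs() lies outside the hunk.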
@@ -204,9 +204,15 @@ into the active configuration.
 Revoke the certificate specified by
 .Ar host
 and generate a new Certificate Revocation List (CRL).
-.It Cm show Cm ca Ar name Cm certificates
+.It Xo
+.Cm show Cm ca Ar name Cm certificates
+.Op Ar host
+.Xc
 Display a listing of certificates associated with CA
-.Ar name .
+.Ar name
+or display certificate details if
+.Ar host
+is specified.
 .It Xo
 .Cm ca Ar name Cm key Ar host
 .Cm create
diff --git a/usr.sbin/ikectl/ikectl.c b/usr.sbin/ikectl/ikectl.c
index b3331401ab6..7a7e7d105ec 100644
--- a/usr.sbin/ikectl/ikectl.c
+++ b/usr.sbin/ikectl/ikectl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikectl.c,v 1.8 2010/10/07 13:30:50 reyk Exp $ */
+/* $OpenBSD: ikectl.c,v 1.9 2010/10/08 07:45:06 reyk Exp $ */
 /*
 * Copyright (c) 2007, 2008 Reyk Floeter <reyk@vantronix.net>
@@ -117,7 +117,7 @@ ca_opt(struct parse_result *res)
 ca_revoke(ca, res->host);
 break;
 case SHOW_CA_CERTIFICATES:
- ca_show_certs(ca);
+ ca_show_certs(ca, res->host);
 break;
 case CA_KEY_CREATE:
 ca_key_create(ca, res->host);
diff --git a/usr.sbin/ikectl/parser.c b/usr.sbin/ikectl/parser.c
index 3d4151ec72e..133fba12261 100644
--- a/usr.sbin/ikectl/parser.c
+++ b/usr.sbin/ikectl/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.7 2010/10/07 13:30:50 reyk Exp $ */
+/* $OpenBSD: parser.c,v 1.8 2010/10/08 07:45:06 reyk Exp $ */
 /*
 * Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net>
@@ -76,6 +76,7 @@ static const struct token t_ca_key_path[];
 static const struct token t_show[];
 static const struct token t_show_ca[];
 static const struct token t_show_ca_modifiers[];
+static const struct token t_show_ca_cert[];
 static const struct token t_main[] = {
 { KEYWORD, "active", ACTIVE, NULL },
@@ -207,8 +208,15 @@ static const struct token t_show_ca[] = {
 };
 static const struct token t_show_ca_modifiers[] = {
- { KEYWORD, "certificates", SHOW_CA_CERTIFICATES, NULL },
- { ENDTOKEN, "", NONE, NULL }
+ { KEYWORD, "certificates", SHOW_CA_CERTIFICATES, t_show_ca_cert },
+ { ENDTOKEN, "", NONE, NULL }
+};
+
+static const struct token t_show_ca_cert[] = {
+ { NOTOKEN, "", NONE, NULL },
+ { ADDRESS, "", NONE, NULL },
+ { FQDN, "", NONE, NULL },
+ { ENDTOKEN, "", NONE, NULL }
 };
 static struct parse_result res;
diff --git a/usr.sbin/ikectl/parser.h b/usr.sbin/ikectl/parser.h
index 0cd1e62a614..13787679505 100644
--- a/usr.sbin/ikectl/parser.h
+++ b/usr.sbin/ikectl/parser.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.h,v 1.7 2010/10/07 13:30:50 reyk Exp $ */
+/* $OpenBSD: parser.h,v 1.8 2010/10/08 07:45:06 reyk Exp $ */
 /*
 * Copyright (c) 2007, 2008 Reyk Floeter <reyk@vantronix.net>
@@ -82,7 +82,7 @@ int ca_delete(struct ca *);
 int ca_delkey(struct ca *, char *);
 int ca_install(struct ca *);
 int ca_cert_install(struct ca *, char *);
-int ca_show_certs(struct ca *);
+int ca_show_certs(struct ca *, char *);
 int ca_key_create(struct ca *, char *);
 int ca_key_delete(struct ca *, char *);
 int ca_key_install(struct ca *, char *); |
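Review bot: The new `t_show_ca_cert` table in parser.c carries no comment saying that its ADDRESS and FQDN entries are the only constraint on the optional host argument of `show ca <name> certificates`, which this commit passes as `res->host` to ca_show_certs() where it ends up in a file path and a `system()` command line. A short comment above the table would keep that dependency visible to whoever extends it, for example `/* optional host; the matched string is used in a path and a system() command by ca_show_certs(), keep these token types strict */`. How ADDRESS and FQDN are matched is outside this hunk, so whether they already exclude `/` and shell metacharacters should be confirmed in the matching code.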