authorGuilhem Moulin <guilhem@fripost.org>2021-02-14 23:46:40 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-02-15 01:31:29 +0100
commitf62a66c6ce82d9a1af241dc3952250362e601d45 (patch)
tree454cbfef10eab4063ac8234fc808b426eab94b65 /lacme
parent5dcb74302029ffcfd076f9ab10329e2196f17f85 (diff)
Add support for TLS Feature extension from RFC 7633.
This is mostly useful for OCSP Must-Staple.
Diffstat (limited to 'lacme')
-rwxr-xr-xlacme5
1 files changed, 3 insertions, 2 deletions
diff --git a/lacme b/lacme
index bd4bd73..045c5b4 100755
--- a/lacme
+++ b/lacme
@@ -159,6 +159,7 @@ sub gen_csr(%) {
);
$config->print("keyUsage = critical, $args{keyUsage}\n") if defined $args{keyUsage};
$config->print("subjectAltName = $args{subjectAltName}\n") if defined $args{subjectAltName};
+ $config->print("tlsfeature = $args{tlsfeature}\n") if defined $args{tlsfeature};
$config->close() or die "Can't close: $!";
my @args = (qw/-new -batch -key/, $args{'certificate-key'});
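Review bot: The added `tlsfeature` line in gen_csr writes `$args{tlsfeature}` verbatim into the generated OpenSSL config, and the `defined` test also lets an empty or malformed value through, so a typo only surfaces later as the generic "Couldn't generate CSR" warning. The value appears to come from the operator's own configuration file, so this is robustness and defence in depth rather than handling of untrusted input. A cheap allow-list check before the print would keep stray config syntax out of the file, for example `die "Invalid tlsfeature: $args{tlsfeature}\n" if defined $args{tlsfeature} and $args{tlsfeature} !~ /\A[A-Za-z0-9_]+(?:\s*,\s*[A-Za-z0-9_]+)*\z/;`. Whether to die or return undef so the caller skips the section depends on the rest of gen_csr, which starts and ends outside the hunk. The neighbouring `keyUsage` and `subjectAltName` lines follow the same unchecked pattern.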
@@ -703,7 +704,7 @@ elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') {
my $def = delete $h->{_} // {};
$defaults{$_} = $def->{$_} foreach keys %$def;
my @valid = qw/certificate certificate-chain certificate-key min-days CAfile
- hash keyUsage subject subjectAltName chown chmod notify/;
+ hash keyUsage subject subjectAltName tlsfeature chown chmod notify/;
foreach my $s (keys %$h) {
$conf->{$s} = { map { $_ => delete $h->{$s}->{$_} } @valid };
die "Unknown option(s) in [$s]: ".join(', ', keys %{$h->{$s}})."\n" if %{$h->{$s}};
@@ -744,7 +745,7 @@ elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') {
}
# generate the CSR
- my $csr = gen_csr(map {$_ => $conf->{$_}} qw/certificate-key subject subjectAltName keyUsage hash/) // do {
+ my $csr = gen_csr(map {$_ => $conf->{$_}} qw/certificate-key keyUsage subject subjectAltName tlsfeature hash/) // do {
print STDERR "[$s] Warning: Couldn't generate CSR, skipping\n";
$rv = 1;
next;