X-Git-Url: http://dolda2000.com/gitweb/?p=utils.git;a=blobdiff_plain;f=certreq;h=74e0dd7dab5c98d389ad8b714548a4db292cb3a9;hp=fb7e26c22c560d5e01c1e5b8fb7d1c044393ed5c;hb=HEAD;hpb=f2571f84d89168fe01ab88020359886f7e0fc8a6

diff --git a/certreq b/certreq
index fb7e26c..74e0dd7 100755
--- a/certreq
+++ b/certreq
@@ -1,13 +1,22 @@
 #!/bin/bash
 
+commajoin() {
+    f=y
+    for arg in "$@"; do
+	if [ -z "$f" ]; then echo -n ,; fi
+	echo -n "$arg"
+	f=
+    done
+}
+
 usage() {
-    echo "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE"
+    echo "usage: certreq [-h] [-a ALTNAMES] [-C] SUBJECT KEYFILE"
     echo '        SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
     echo '        ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
 }
 
 declare -A reqexts config
-while getopts ha: OPT; do
+while getopts hCa: OPT; do
     case "$OPT" in
 	h)
 	    usage
@@ -18,6 +27,13 @@ while getopts ha: OPT; do
 	    config[SAN]=1
 	    config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
 	    ;;
+	C)
+	    reqexts[NON_SELF_CA]=1
+	    config[NON_SELF_CA]=1
+	    config_NON_SELF_CA=("${config_NONE_SELF_CA[@]}"
+				"basicConstraints = critical,CA:true"
+				"keyUsage = cRLSign, keyCertSign")
+	    ;;
     esac
 done
 shift $((OPTIND - 1))
@@ -28,7 +44,9 @@ fi
 
 args=(openssl req -new)
 if [ -n "${!reqexts[*]}" ]; then
-    args=("${args[@]}" -reqexts "${!reqexts[@]}")
+    for reqext in "${!reqexts[@]}"; do
+	args=("${args[@]}" -reqexts "$reqext")
+    done
 fi
 if [ -n "${!config[*]}" ]; then
     confpath="$(mktemp /tmp/certreq-XXXXXX)"