From 1b3618666413f62448f5e63e13503f704c214516 Mon Sep 17 00:00:00 2001
From: Fredrik Tolf <fredrik@dolda2000.com>
Date: Fri, 18 Sep 2020 22:22:50 +0200
Subject: [PATCH] certreq: Add ability to generate intermediate-CA requests.

---
 certreq | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/certreq b/certreq
index 142644e..74e0dd7 100755
--- a/certreq
+++ b/certreq
@@ -10,13 +10,13 @@ commajoin() {
 }
 
 usage() {
-    echo "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE"
+    echo "usage: certreq [-h] [-a ALTNAMES] [-C] SUBJECT KEYFILE"
     echo '        SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
     echo '        ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
 }
 
 declare -A reqexts config
-while getopts ha: OPT; do
+while getopts hCa: OPT; do
     case "$OPT" in
 	h)
 	    usage
@@ -27,6 +27,13 @@ while getopts ha: OPT; do
 	    config[SAN]=1
 	    config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
 	    ;;
+	C)
+	    reqexts[NON_SELF_CA]=1
+	    config[NON_SELF_CA]=1
+	    config_NON_SELF_CA=("${config_NONE_SELF_CA[@]}"
+				"basicConstraints = critical,CA:true"
+				"keyUsage = cRLSign, keyCertSign")
+	    ;;
     esac
 done
 shift $((OPTIND - 1))
-- 
2.11.0