From 29860eadb308d1316c62a695daa91d6f24eb6063 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20T=C3=A4nzer?=
Date: Sun, 25 Dec 2011 01:33:00 +0100
Subject: bug 540: implements CPS changes in the signer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Michael Tänzer
---
 CommModule/server.pl | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
(limited to 'CommModule/server.pl')
diff --git a/CommModule/server.pl b/CommModule/server.pl
index eb5113a..c70bc9a 100755
--- a/CommModule/server.pl
+++ b/CommModule/server.pl
@@ -502,9 +502,28 @@ sub SignX509($$$$$$$$)
 {
 open OUT,">$wid/extfile";
 print OUT "basicConstraints = critical, CA:FALSE\n";
+ print OUT "keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement\n";
 print OUT "extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC\n";
- print OUT "keyUsage = digitalSignature, keyEncipherment\n";
 print OUT "authorityInfoAccess = OCSP;URI:$OCSPUrl\n";
+
+ my $CRLUrl="";
+ if($root==0)
+ {
+ $CRLUrl="http://crl.cacert.org/revoke.crl";
+ }
+ elsif($root==1)
+ {
+ $CRLUrl="http://crl.cacert.org/class3-revoke.crl";
+ }
+ elsif($root==2)
+ {
+ $CRLUrl="http://crl.cacert.org/class3s-revoke.crl";
+ }
+ else
+ {
+ $CRLUrl="http://crl.cacert.org/root${root}.crl";
+ }
+ print OUT "crlDistributionPoints = URI:${CRLUrl}\n";
 print OUT "subjectAltName = $san\n" if(length($san));
 close OUT;
 $extfile=" -extfile $wid/extfile ";
-- 
cgit v1.2.1
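Review bot: The `else` branch of the new CRL selection writes `$root` directly into the extension file through `"http://crl.cacert.org/root${root}.crl"`, and nothing in this hunk shows `$root` being restricted to digits. Because the chain compares with `==`, a non-numeric value also compares equal to 0 and silently receives the class 1 CRL URL, while a value with trailing characters after the number would be copied verbatim into `$wid/extfile`. If `$root` is not already validated earlier in SignX509 (the function starts and ends outside this hunk), a guard ahead of the chain such as `return unless $root =~ /\A[0-9]+\z/;` would cover both cases; adapt the rejection to however the signer reports a bad request. It is also worth confirming that a CRL is actually published at `root<N>.crl` for every root above 2, since a wrong distribution point cannot be corrected once the certificate has been issued.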