bug 540: implements CPS changes in the signer bug-540
authorMichael Tänzer <neo@nhng.de>
Sun, 25 Dec 2011 00:33:00 +0000 (01:33 +0100)
committerMichael Tänzer <neo@nhng.de>
Sun, 25 Dec 2011 00:33:00 +0000 (01:33 +0100)
Signed-off-by: Michael Tänzer <neo@nhng.de>
CommModule/server.pl

index eb5113a..c70bc9a 100755 (executable)
@@ -502,9 +502,28 @@ sub SignX509($$$$$$$$)
   {
     open OUT,">$wid/extfile";
     print OUT "basicConstraints = critical, CA:FALSE\n";
+    print OUT "keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement\n";
     print OUT "extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC\n";
-    print OUT "keyUsage = digitalSignature, keyEncipherment\n";
     print OUT "authorityInfoAccess = OCSP;URI:$OCSPUrl\n";
+    
+    my $CRLUrl="";
+    if($root==0)
+    {
+        $CRLUrl="http://crl.cacert.org/revoke.crl";
+    }
+    elsif($root==1)
+    {
+        $CRLUrl="http://crl.cacert.org/class3-revoke.crl";
+    }
+    elsif($root==2)
+    {
+        $CRLUrl="http://crl.cacert.org/class3s-revoke.crl";
+    }
+    else
+    {
+        $CRLUrl="http://crl.cacert.org/root${root}.crl";
+    }
+    print OUT "crlDistributionPoints = URI:${CRLUrl}\n";
     print OUT "subjectAltName = $san\n" if(length($san));
     close OUT;
     $extfile=" -extfile $wid/extfile ";