Added support for writing Key Usage and NS Cert Type extensions
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 7a811d4..dc9f00a 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -317,13 +317,6 @@
goto exit;
}
-/*
- if( opt.key_usage )
- x509write_csr_set_key_usage( &req, opt.key_usage );
-
- if( opt.ns_cert_type )
- x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );
-*/
/*
* 1.0. Check the names for validity
*/
@@ -455,6 +448,42 @@
printf( " ok\n" );
+ if( opt.key_usage )
+ {
+ printf( " . Adding the Key Usage extension ..." );
+ fflush( stdout );
+
+ ret = x509write_crt_set_key_usage( &crt, opt.key_usage );
+ if( ret != 0 )
+ {
+#ifdef POLARSSL_ERROR_C
+ error_strerror( ret, buf, 1024 );
+#endif
+ printf( " failed\n ! x509write_crt_set_key_usage returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ printf( " ok\n" );
+ }
+
+ if( opt.ns_cert_type )
+ {
+ printf( " . Adding the NS Cert Type extension ..." );
+ fflush( stdout );
+
+ ret = x509write_crt_set_ns_cert_type( &crt, opt.ns_cert_type );
+ if( ret != 0 )
+ {
+#ifdef POLARSSL_ERROR_C
+ error_strerror( ret, buf, 1024 );
+#endif
+ printf( " failed\n ! x509write_crt_set_ns_cert_type returned -0x%02x - %s\n\n", -ret, buf );
+ goto exit;
+ }
+
+ printf( " ok\n" );
+ }
+
/*
* 1.2. Writing the request
*/