prof.id = std::stoi( id );
prof.eku = map->at( "eku" );
prof.ku = map->at( "ku" );
+ {
+ std::string include = map->at( "include" );
+ size_t pos = 0;
+ size_t end = 0;
+ std::unordered_set<std::string> include_set;
+
+ while( ( end = include.find( ",", pos ) ) != std::string::npos ) {
+ include_set.emplace( include.substr( pos, end - pos ) );
+ pos = end + 1;
+ }
+
+ include_set.emplace( include.substr( pos ) );
+ prof.include = include_set;
+ }
prof.maxValidity = std::stoi( map->at( "days" ) ) * /* DAYS */24 * 60 * 60;
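Review bot: `map->at( "include" )` in the added block throws `std::out_of_range` for any profile file that has no `include=` line, so existing profiles stop loading unless they are all edited together with this commit. Reading the key as optional would avoid that, e.g. `auto inc = map->find( "include" ); std::string include = inc == map->end() ? "" : inc->second;` (this assumes `map` points to a standard string map, which the hunk does not show). The split also stores tokens verbatim, so an empty `include=` yields a set containing the empty string. A value such as `noOCSP ` or `noocsp` is kept but never matches the lookup in the signer, so the certificate is issued with the OCSP URI and nothing reports the typo. Trimming tokens and rejecting ones outside the known set at load time would make a misconfigured profile fail loudly; the enclosing function starts and ends outside the hunk.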
std::string ku = std::string( "critical," ) + prof.ku;
add_ext( caCert, target, NID_key_usage, ku.c_str() );
add_ext( caCert, target, NID_ext_key_usage, prof.eku.c_str() );
- add_ext( caCert, target, NID_info_access, ( ( ocspPath.empty() ? "" : "OCSP;URI:" + ocspPath + "," ) + "caIssuers;URI:" + crtURL ).c_str() );
+ add_ext( caCert, target, NID_info_access, ( ( ocspPath.empty() || prof.include.find( "noOCSP" ) != prof.include.end() ? "" : "OCSP;URI:" + ocspPath + "," ) + "caIssuers;URI:" + crtURL ).c_str() );
add_ext( caCert, target, NID_crl_distribution_points, ( "URI:" + crlURL ).c_str() );
if( sans.empty() ) {
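Review bot: The condition on the new `NID_info_access` line relies on `||` binding tighter than `?:` inside one long expression and buries the literal `"noOCSP"` in it, which is easy to misread in code that decides what goes into an issued certificate. Naming the decision first reads better: `const bool withOCSP = !ocspPath.empty() && prof.include.count( "noOCSP" ) == 0;` followed by `( withOCSP ? "OCSP;URI:" + ocspPath + "," : "" )`. A comment stating that such profiles carry only the caIssuers URI in AIA, with revocation still reachable through the CRL distribution point added on the next line, would record the intent. The enclosing function starts and ends outside the hunk.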
#include <vector>
#include <cinttypes>
#include <ctime>
+#include <unordered_set>
#include <openssl/ssl.h>
std::vector<std::shared_ptr<CAConfig>> ca;
std::time_t maxValidity;
+ std::unordered_set<std::string> include;
std::shared_ptr<CAConfig> getCA() {
std::shared_ptr<CAConfig> min = nullptr;
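Review bot: The new `include` member has no comment, and its name does not say that it holds profile flags, of which the only one consulted in this commit is the negative `noOCSP`. A line above it such as `// flags from the profile's include= line; "noOCSP" omits the OCSP URI from AIA` would tell the next reader which tokens have an effect. The struct continues outside the hunk.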
eku=
ku=
days=10
+include=
EOF
mkdir -p ca/unassured_2015_2