Allow specifying duration in units of days or years
Use UTCTime for dates before 2050
This is required to strictly conform to RFC 5280. It seemed that
the trade-off was potentially breaking support for old implementations,
but it seems that even modern LibreSSL rejects dates <2050 using
the GeneralizedTime format (though I believe this is non-conforming).
Use gmtime_r to convert to broken-down time
gmtime is not thread-safe, and this may be used in an application
using threads. Though gmtime_r is not in C99, it is in POSIX and
in the current C23 draft.
Switch order of command-line arguments and make subject optional
dn_string: Allow empty DN
Add missing dependencies to install target
I removed these earlier... must've been confused. Only the static
files (*. *.h) are unnecessary.
Set CFLAGS and LDLIBS before including config.mk
Use tag==0 to indicate pre-encoded item contents
This removes the need for x509cert_raw_encoder.
Set alt encoder to NULL
This array is previously uninitialized, and we want to use the
dn_string: Initialize `space` in case attribute value is empty
dn_string: Cast is*() argument to unsigned char
Otherwise, multibyte characters may end up as negative when converted
to int, and these functions have undefined behavior with negative
argument (that is not EOF).
dn_string: Set NULL encoder for RDN values
Allocate 1 extra byte for PEM null terminator
The length returned by br_pem_encode does not include the nul
terminator that it writes. Even though we write with fwrite so don't
need it, we need to make sure the buffer is large enough.
der: Include inner.h for some prototypes
Write xmallocarray in terms of xmalloc
Remove const from some pointer types in structures
It is often more convenient if these are not const during their