1N/A * The contents of this file are subject to the terms of the 1N/A * Common Development and Distribution License (the "License"). 1N/A * You may not use this file except in compliance with the License. 1N/A * See the License for the specific language governing permissions 1N/A * and limitations under the License. 1N/A * When distributing Covered Code, include this CDDL HEADER in each 1N/A * If applicable, add the following below this CDDL HEADER, with the 1N/A * fields enclosed by brackets "[]" replaced with your own identifying 1N/A * information: Portions Copyright [yyyy] [name of copyright owner] 1N/A * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved. 1N/Astatic int err;
/* To store errno which may be overwritten by gettext() */ 1N/A "e:(ignore-unknown-eku)" 1N/A "a:(ignore-trust-anchor)" 1N/A "v:(validity-adjusttime)" 1N/A "o:(ocsp-responder)" 1N/A "r:(ocsp-use-cert-responder)" 1N/A "T:(ocsp-response-lifetime)" 1N/A "R:(ocsp-ignore-response-sign)" 1N/A "n:(ocsp-responder-cert-name)" 1N/A "A:(ocsp-responder-cert-serial)" 1N/A "c:(crl-basefilename)" 1N/A "g:(crl-get-crl-uri)" 1N/A "S:(crl-ignore-crl-sign)" 1N/A "D:(crl-ignore-crl-date)" 1N/A "M:(mapper-directory)" 1N/A "Q:(mapper-pathname)" 1N/A "q:(mapper-options)" 1N/A /* for syntax checking */ 1N/A /* for syntax checking */ "must be specified as a " gettext(
"Error boolean input.\n"));
/* for syntax checking */ gettext(
"Error boolean input.\n"));
/* for syntax checking */ "must be specified as a " gettext(
"Error boolean input.\n"));
"Error basefilename input.\n"));
gettext(
"Error boolean input.\n"));
gettext(
"Error boolean input.\n"));
gettext(
"Error boolean input.\n"));
gettext(
"Error boolean input.\n"));
gettext(
"Error boolean input.\n"));
"Error keyusage input.\n"));
gettext(
"Error boolean input.\n"));
gettext(
"Error EKU OID input.\n"));
gettext(
"Error boolean input.\n"));
rv = 0;
/* its ok for this to be NULL */ /* No additional args allowed. */ * Must have a policy name. The policy name can not be default * if using the default policy file. gettext(
"You must specify a policy name.\n"));
gettext(
"Can not modify the default policy in the default " /* Check the access permission of the policy DB */ gettext(
"Cannot access \"%s\" for modify - %s\n"),
/* Try to load the named policy from the DB */ /* Update the general policy attributes. */ * There are some combinations of attributes that are not valid. * First, setting mapper-name (with optional mapper-directory) and * mapper-pathname is mutually exclusive. /* Mapper directory can be set only if mapper name is set. */ /* Options can be set only if mapper name or pathname is set. */ gettext(
"Error in mapper input options\n"));
/* Update the OCSP policy */ gettext(
"Can not set ocsp-none=true and other " "OCSP attributes at the same time.\n"));
* If the original policy does not have OCSP checking, * then we do not need to do anything. If the original * policy has the OCSP checking, then we need to release the * space of OCSP attributes and turn the OCSP checking off. /* Turn off the OCSP checking */ * If the "ocsp-none" option is not set or is set to false, * then we only need to do the modification if there is at * least one OCSP attribute is specified. /* Turn on the OCSP checking */ /* Update the CRL policy */ gettext(
"Can not set crl-none=true and other CRL " "attributes at the same time.\n"));
* If the original policy does not have CRL checking, * then we do not need to do anything. If the original * policy has the CRL checking, then we need to release the * space of CRL attributes and turn the CRL checking off. /* Turn off the CRL checking */ * If the "ocsp-none" option is not set or is set to false, * then we only need to do the modification if there is at * least one CRL attribute is specified. /* Turn on the CRL checking */ /* Update the Key Usage */ gettext(
"Can not set keyusage-none=true and " "modify the keyusage value at the same time.\n"));
* If the "keyusage-none" option is not set or is set to * false, then we only need to do the modification if * the keyusage value is specified. /* Update the Extended Key Usage */ gettext(
"Can not set eku-none=true and modify " "EKU values at the same time.\n"));
/* Release current EKU list (if any) */ * If the "eku-none" option is not set or is set to false, * then we only need to do the modification if either * "ekuname" or "ekuoids" is specified. /* Release current EKU list (if any) */ /* Do a sanity check on the modified policy */ /* The modify operation is a delete followed by an add */ * Now add the modified policy back to the DB. gettext(
"Error adding policy to database: 0x%04x\n"),
ret);
gettext(
"duplicate plugin input.\n"));
"Error keystore input.\n"));
gettext(
"duplicate option input.\n"));
/* No additional args allowed. */ gettext(
"Can not modify the built-in keystore %s\n"),
"the new option is same as the old option.\n"));
gettext(
"failed to update the configuration - %s\n"),
gettext(
"failed to lock the configuration - %s\n"),
* Create a temporary file in the /etc/crypto directory. gettext(
"failed to create a temporary file - %s\n"),
gettext(
"failed to open %s - %s\n"),
* Loop thru the config file and update the entry. * make a copy of the original buffer to buffer2. Also get * rid of the trailing '\n' from buffer2. "failed to write to %s: %s\n"),
"failed to update the configuration - %s"),
strerror(
err));
"failed to update the configuration - %s\n"),