From 294e26566b9a7871f90f2712e631a0b8d9f24beb Mon Sep 17 00:00:00 2001 From: Manish V Badarkhe Date: Tue, 26 Jan 2021 10:55:49 +0000 Subject: [PATCH] tools: cert_create: Create only requested certificates The certification tool creates all the certificates mentioned statically in the code rather than taking explicit certificate requests from the command line parameters. Code is optimized to avoid unnecessary attempts to create non-requested certificates. Signed-off-by: Manish V Badarkhe Change-Id: I78feac25bc701bf8f08c6aa5a2e1590bec92d0f2 --- tools/cert_create/src/main.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c index d5abe4917..8a5337742 100644 --- a/tools/cert_create/src/main.c +++ b/tools/cert_create/src/main.c @@ -473,6 +473,11 @@ int main(int argc, char *argv[]) cert = &certs[i]; + if (cert->fn == NULL) { + /* Certificate not requested. Skip to the next one */ + continue; + } + /* Create a new stack of extensions. This stack will be used * to create the certificate */ CHECK_NULL(sk, sk_X509_EXTENSION_new_null()); @@ -534,7 +539,7 @@ int main(int argc, char *argv[]) } /* Create certificate. Signed with corresponding key */ - if (cert->fn && !cert_new(hash_alg, cert, VAL_DAYS, 0, sk)) { + if (!cert_new(hash_alg, cert, VAL_DAYS, 0, sk)) { ERROR("Cannot create %s\n", cert->cn); exit(1); }