[Pkg-apache-commits] [SCM] The ssl-cert package for Debian branch, master, updated. 579413b054b9135622020ce892bf25adc3044011

[Stefan Fritsch]

The following commit has been merged in the master branch:
commit 8de94b65974ec12325c876c5114f6c639427ed62
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Sat Jun 9 20:04:32 2012 +0200

    Add support for subject alternative names

diff --git a/debian/changelog b/debian/changelog
index 744e791..59fd43d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,7 @@
 ssl-cert (1.0.29) UNRELEASED; urgency=low
 
+  * Add support for subject alternative names. Thanks to Jonas Smedegaard for
+    the patch. Closes: #645515
   * Add Catalan translation. Thanks to Innocent De Marchi. Closes: #628373
   * Bump Standards-Version (no changes).
   * Switch VCS to git
diff --git a/debian/templates b/debian/templates
index 686a77f..5449cf7 100644
--- a/debian/templates
+++ b/debian/templates
@@ -15,6 +15,23 @@ _Description: Host name:
  .
  It will become the 'commonName' field of the generated SSL certificate.
 
+Template: make-ssl-cert/altname
+Type: string
+_Description: Alternative name(s):
+ Please enter any additional names to use in the SSL certificate.
+ .
+ It will become the 'subjectAltName' field of the generated SSL certificate.
+ .
+ Multiple alternative names should be delimited with comma and no spaces.
+ For a web server with multiple DNS names this could look like:
+ .
+ DNS:www.example.com,DNS:images.example.com
+ .
+ A more complex example including a hostname, a WebID, an email address, and
+ an IPv4 address:
+ .
+ DNS:example.com,URI:http://example.com/joe#me,email:me@example.com,IP:192.168.7.3
+
 Template: make-ssl-cert/title
 Type: title
 _Description: Configure an SSL Certificate.
diff --git a/make-ssl-cert b/make-ssl-cert
index 565f1c3..f7c7bf9 100755
--- a/make-ssl-cert
+++ b/make-ssl-cert
@@ -27,6 +27,13 @@ ask_via_debconf() {
     db_get make-ssl-cert/hostname
     HostName="$RET"
     db_fset make-ssl-cert/hostname seen false
+
+    db_fset make-ssl-cert/altname seen false
+    db_input high make-ssl-cert/altname || true
+    db_go
+    db_get make-ssl-cert/altname
+    AltName="$RET"
+    db_fset make-ssl-cert/altname seen false
 }
 
 make_snakeoil() {
@@ -41,6 +48,7 @@ make_snakeoil() {
 
 create_temporary_cnf() {
     sed -e s#@HostName@#"$HostName"# $template > $TMPFILE
+    [ -z "$AltName" ] || echo "subjectAltName=$AltName" >> $TMPFILE
 }
 
 # Takes two arguments, the base layout and the output cert.
diff --git a/ssleay.cnf b/ssleay.cnf
index a28abb3..b68bc6c 100644
--- a/ssleay.cnf
+++ b/ssleay.cnf
@@ -10,6 +10,11 @@ default_keyfile         = privkey.pem
 distinguished_name      = req_distinguished_name
 prompt                  = no
 policy			= policy_anything
+req_extensions          = v3_req
+x509_extensions         = v3_req
 
 [ req_distinguished_name ]
 commonName                      = @HostName@
+
+[ v3_req ]
+basicConstraints        = CA:FALSE

-- 
The ssl-cert package for Debian