[Pkg-apache-commits] [SCM] The ssl-cert package for Debian branch, master, updated. 579413b054b9135622020ce892bf25adc3044011
Stefan Fritsch
sf at sfritsch.de
Sat Jun 9 18:56:54 UTC 2012
The following commit has been merged in the master branch:
commit 8de94b65974ec12325c876c5114f6c639427ed62
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Sat Jun 9 20:04:32 2012 +0200
Add support for subject alternative names
diff --git a/debian/changelog b/debian/changelog
index 744e791..59fd43d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,7 @@
ssl-cert (1.0.29) UNRELEASED; urgency=low
+ * Add support for subject alternative names. Thanks to Jonas Smedegaard for
+ the patch. Closes: #645515
* Add Catalan translation. Thanks to Innocent De Marchi. Closes: #628373
* Bump Standards-Version (no changes).
* Switch VCS to git
diff --git a/debian/templates b/debian/templates
index 686a77f..5449cf7 100644
--- a/debian/templates
+++ b/debian/templates
@@ -15,6 +15,23 @@ _Description: Host name:
.
It will become the 'commonName' field of the generated SSL certificate.
+Template: make-ssl-cert/altname
+Type: string
+_Description: Alternative name(s):
+ Please enter any additional names to use in the SSL certificate.
+ .
+ It will become the 'subjectAltName' field of the generated SSL certificate.
+ .
+ Multiple alternative names should be delimited with comma and no spaces.
+ For a web server with multiple DNS names this could look like:
+ .
+ DNS:www.example.com,DNS:images.example.com
+ .
+ A more complex example including a hostname, a WebID, an email address, and
+ an IPv4 address:
+ .
+ DNS:example.com,URI:http://example.com/joe#me,email:me@example.com,IP:192.168.7.3
+
Template: make-ssl-cert/title
Type: title
_Description: Configure an SSL Certificate.
diff --git a/make-ssl-cert b/make-ssl-cert
index 565f1c3..f7c7bf9 100755
--- a/make-ssl-cert
+++ b/make-ssl-cert
@@ -27,6 +27,13 @@ ask_via_debconf() {
db_get make-ssl-cert/hostname
HostName="$RET"
db_fset make-ssl-cert/hostname seen false
+
+ db_fset make-ssl-cert/altname seen false
+ db_input high make-ssl-cert/altname || true
+ db_go
+ db_get make-ssl-cert/altname
+ AltName="$RET"
+ db_fset make-ssl-cert/altname seen false
}
make_snakeoil() {
@@ -41,6 +48,7 @@ make_snakeoil() {
create_temporary_cnf() {
sed -e s#@HostName@#"$HostName"# $template > $TMPFILE
+ [ -z "$AltName" ] || echo "subjectAltName=$AltName" >> $TMPFILE
}
# Takes two arguments, the base layout and the output cert.
diff --git a/ssleay.cnf b/ssleay.cnf
index a28abb3..b68bc6c 100644
--- a/ssleay.cnf
+++ b/ssleay.cnf
@@ -10,6 +10,11 @@ default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
prompt = no
policy = policy_anything
+req_extensions = v3_req
+x509_extensions = v3_req
[ req_distinguished_name ]
commonName = @HostName@
+
+[ v3_req ]
+basicConstraints = CA:FALSE
--
The ssl-cert package for Debian
More information about the Pkg-apache-commits
mailing list