Bug#645515: ssl-cert: Please support AltName
Package: ssl-cert
Version: 1.0.28
Severity: wishlist
Attached patch provides support for optionally adding AltName string -
useful for hosting multiple domains on same IP, and for generating a
WebID.
diff -ruN ssl-cert-1.0.28/debian/templates ssl-cert-1.0.28~0jones1/debian/templates
--- ssl-cert-1.0.28/debian/templates 2009-07-26 22:46:05.000000000 +0200
+++ ssl-cert-1.0.28~0jones1/debian/templates 2011-10-16 12:14:32.818316707 +0200
@@ -15,6 +15,19 @@
.
It will become the 'commonName' field of the generated SSL certificate.
+Template: make-ssl-cert/altname
+Type: string
+_Description: Alternative name(s):
+ Please enter any additional names to use in the SSL certificate.
+ .
+ It will become the 'altName' field of the generated SSL certificate.
+ .
+ Multiple alternative names should be delimited with comma and no space,
+ like this (adding a hostname, a WebID, an email address and an IPv4
+ address):
+ .
+ DNS:example.com,URI:http://example.com/joe#me,email:me@example.com,IP:192.168.7.3
+
Template: make-ssl-cert/title
Type: title
_Description: Configure an SSL Certificate.
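Review bot: The new help text does not tell the user that the host name asked for in the previous question is not added to the alternative names automatically. Clients that follow RFC 6125 stop consulting commonName once the certificate carries DNS entries in subjectAltName, so a certificate generated with only the extra names may no longer match the primary host name. I would add a sentence such as `The host name entered above is not included automatically; repeat it here as a DNS: entry.` The text should also call the field `subjectAltName`, which is what make-ssl-cert writes, rather than `altName`.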
diff -ruN ssl-cert-1.0.28/make-ssl-cert ssl-cert-1.0.28~0jones1/make-ssl-cert
--- ssl-cert-1.0.28/make-ssl-cert 2009-11-08 11:20:55.000000000 +0100
+++ ssl-cert-1.0.28~0jones1/make-ssl-cert 2011-10-16 12:59:28.159714146 +0200
@@ -27,6 +27,13 @@
db_get make-ssl-cert/hostname
HostName="$RET"
db_fset make-ssl-cert/hostname seen false
+
+ db_fset make-ssl-cert/altname seen false
+ db_input high make-ssl-cert/altname || true
+ db_go
+ db_get make-ssl-cert/altname
+ AltName="$RET"
+ db_fset make-ssl-cert/altname seen false
}
make_snakeoil() {
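Review bot: The answer to make-ssl-cert/altname is copied into `AltName` without any check, and it is later written into the OpenSSL configuration that drives certificate generation. An entry without a type prefix, or with stray whitespace, will presumably only surface as an openssl error later on, or as a certificate that carries names other than the ones intended. I would validate each comma-separated entry against the types the template documents (DNS, URI, email, IP) right after `db_get` and stop with a clear message otherwise. The enclosing function starts outside this hunk, so whether re-asking the question is preferable to exiting cannot be judged from here.

```shell
    AltName="$RET"
    # Accept only comma-separated TYPE:value entries of the documented types.
    case "$AltName" in
        *[[:space:]]*)
            echo "Alternative names must not contain whitespace" >&2
            exit 1
            ;;
    esac
    OldIFS="$IFS"
    IFS=,
    for entry in $AltName; do
        case "$entry" in
            DNS:?*|URI:?*|email:?*|IP:?*) ;;
            *)
                echo "Unsupported alternative name entry: $entry" >&2
                exit 1
                ;;
        esac
    done
    IFS="$OldIFS"
    # … unchanged: db_fset make-ssl-cert/altname seen false …
```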
@@ -41,6 +48,7 @@
create_temporary_cnf() {
sed -e s#@HostName@#"$HostName"# $template > $TMPFILE
+ [ -z "$AltName" ] || echo "subjectAltName=$AltName" >> $TMPFILE
}
# Takes two arguments, the base layout and the output cert.
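Review bot: The added `echo` in create_temporary_cnf writes `$AltName` into the OpenSSL configuration verbatim, and that format gives `#` and `$` a meaning of their own. As far as I know an unquoted `#` starts a comment and `$` starts variable expansion. The template's own example, `URI:http://example.com/joe#me,email:…`, would then most likely be cut at `#me`, silently dropping the e-mail and IP entries from the certificate. Escaping those characters before writing should avoid this, for example `[ -z "$AltName" ] || printf 'subjectAltName=%s\n' "$(printf %s "$AltName" | sed 's/[#$\\]/\\&/g')" >> "$TMPFILE"`; this also quotes `$TMPFILE`.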
diff -ruN ssl-cert-1.0.28/ssleay.cnf ssl-cert-1.0.28~0jones1/ssleay.cnf
--- ssl-cert-1.0.28/ssleay.cnf 2010-10-02 14:46:05.000000000 +0200
+++ ssl-cert-1.0.28~0jones1/ssleay.cnf 2011-10-16 13:00:19.979828213 +0200
@@ -10,6 +10,11 @@
distinguished_name = req_distinguished_name
prompt = no
policy = policy_anything
+req_extensions = v3_req
+x509_extensions = v3_req
[ req_distinguished_name ]
commonName = @HostName@
+
+[ v3_req ]
+basicConstraints = CA:FALSE
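Review bot: Nothing in this file records that `[ v3_req ]` must stay the last section. make-ssl-cert appends the `subjectAltName=` line to the end of the temporary copy, so the line only lands in `v3_req` because of that ordering. A section added below it later would silently swallow the line. I would add a comment above the section, for example `# Keep [ v3_req ] last: make-ssl-cert appends subjectAltName= to the end of this file.` Note also that `x509_extensions = v3_req` applies to every certificate generated from this template, not only to those with alternative names, which looks intended but is worth stating in the changelog.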