Bug#645515: marked as done (ssl-cert: Please support AltName)

To: Stefan Fritsch <sf@debian.org>
Subject: Bug#645515: marked as done (ssl-cert: Please support AltName)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 09 Jun 2012 19:15:06 +0000
Message-id: <[🔎] handler.645515.D645515.133926908417847.ackdone@bugs.debian.org>
References: <E1SdR4B-0008Hh-UY@franck.debian.org> <20111016150838.9777.44803.reportbug@localhost.localdomain>

Your message dated Sat, 09 Jun 2012 19:11:19 +0000
with message-id <E1SdR4B-0008Hh-UY@franck.debian.org>
and subject line Bug#645515: fixed in ssl-cert 1.0.29
has caused the Debian Bug report #645515,
regarding ssl-cert: Please support AltName
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
645515: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645515
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ssl-cert: Please support AltName
From: Jonas Smedegaard <dr@jones.dk>
Date: Sun, 16 Oct 2011 17:08:38 +0200
Message-id: <20111016150838.9777.44803.reportbug@localhost.localdomain>

Package: ssl-cert
Version: 1.0.28
Severity: wishlist

Attached patch provides support for optionally adding AltName string -
useful for hosting multiple domains on same IP, and for generating a
WebID.

diff -ruN ssl-cert-1.0.28/debian/templates ssl-cert-1.0.28~0jones1/debian/templates
--- ssl-cert-1.0.28/debian/templates	2009-07-26 22:46:05.000000000 +0200
+++ ssl-cert-1.0.28~0jones1/debian/templates	2011-10-16 12:14:32.818316707 +0200
@@ -15,6 +15,19 @@
  .
  It will become the 'commonName' field of the generated SSL certificate.
 
+Template: make-ssl-cert/altname
+Type: string
+_Description: Alternative name(s):
+ Please enter any additional names to use in the SSL certificate.
+ .
+ It will become the 'altName' field of the generated SSL certificate.
+ .
+ Multiple alternative names should be delimited with comma and no space,
+ like this (adding a hostname, a WebID, an email address and an IPv4
+ address):
+ .
+ DNS:example.com,URI:http://example.com/joe#me,email:me@example.com,IP:192.168.7.3
+
 Template: make-ssl-cert/title
 Type: title
 _Description: Configure an SSL Certificate.
diff -ruN ssl-cert-1.0.28/make-ssl-cert ssl-cert-1.0.28~0jones1/make-ssl-cert
--- ssl-cert-1.0.28/make-ssl-cert	2009-11-08 11:20:55.000000000 +0100
+++ ssl-cert-1.0.28~0jones1/make-ssl-cert	2011-10-16 12:59:28.159714146 +0200
@@ -27,6 +27,13 @@
     db_get make-ssl-cert/hostname
     HostName="$RET"
     db_fset make-ssl-cert/hostname seen false
+
+    db_fset make-ssl-cert/altname seen false
+    db_input high make-ssl-cert/altname || true
+    db_go
+    db_get make-ssl-cert/altname
+    AltName="$RET"
+    db_fset make-ssl-cert/altname seen false
 }
 
 make_snakeoil() {
@@ -41,6 +48,7 @@
 
 create_temporary_cnf() {
     sed -e s#@HostName@#"$HostName"# $template > $TMPFILE
+    [ -z "$AltName" ] || echo "subjectAltName=$AltName" >> $TMPFILE
 }
 
 # Takes two arguments, the base layout and the output cert.
diff -ruN ssl-cert-1.0.28/ssleay.cnf ssl-cert-1.0.28~0jones1/ssleay.cnf
--- ssl-cert-1.0.28/ssleay.cnf	2010-10-02 14:46:05.000000000 +0200
+++ ssl-cert-1.0.28~0jones1/ssleay.cnf	2011-10-16 13:00:19.979828213 +0200
@@ -10,6 +10,11 @@
 distinguished_name      = req_distinguished_name
 prompt                  = no
 policy			= policy_anything
+req_extensions          = v3_req
+x509_extensions         = v3_req
 
 [ req_distinguished_name ]
 commonName                      = @HostName@
+
+[ v3_req ]
+basicConstraints        = CA:FALSE

--- End Message ---

--- Begin Message ---

To: 645515-close@bugs.debian.org
Subject: Bug#645515: fixed in ssl-cert 1.0.29
From: Stefan Fritsch <sf@debian.org>
Date: Sat, 09 Jun 2012 19:11:19 +0000
Message-id: <E1SdR4B-0008Hh-UY@franck.debian.org>

Source: ssl-cert
Source-Version: 1.0.29

We believe that the bug you reported is fixed in the latest version of
ssl-cert, which is due to be installed in the Debian FTP archive:

ssl-cert_1.0.29.dsc
  to main/s/ssl-cert/ssl-cert_1.0.29.dsc
ssl-cert_1.0.29.tar.gz
  to main/s/ssl-cert/ssl-cert_1.0.29.tar.gz
ssl-cert_1.0.29_all.deb
  to main/s/ssl-cert/ssl-cert_1.0.29_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 645515@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated ssl-cert package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 09 Jun 2012 20:33:07 +0200
Source: ssl-cert
Binary: ssl-cert
Architecture: source all
Version: 1.0.29
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 ssl-cert   - simple debconf wrapper for OpenSSL
Closes: 628373 645515 674598
Changes: 
 ssl-cert (1.0.29) unstable; urgency=low
 .
   * Add support for subject alternative names. Thanks to Jonas Smedegaard for
     the patch. Closes: #645515
     (Sorry to all translators for adding a template so close to the freeze.)
   * For "make-ssl-cert generate-default-snakeoil", if the FQDN is too long,
     put it in the SubjAltName and use the simple hostname as CN.
     Closes: #674598
   * Add Catalan translation. Thanks to Innocent De Marchi. Closes: #628373
   * Bump Standards-Version (no changes).
   * Switch VCS to git
   * Fix lintian warnings about build-arch/build-indep targets in debian/rules.
Checksums-Sha1: 
 3277a1bb8667034b5bbdd3d3e58654f0c0e5fc6f 994 ssl-cert_1.0.29.dsc
 644a3ffebb5f67c5e920b562ba042336b3f7c06e 23820 ssl-cert_1.0.29.tar.gz
 6155bf5ec598796cbad0ec691c799f5a8f53536e 15594 ssl-cert_1.0.29_all.deb
Checksums-Sha256: 
 9f45c7864a09bba08da12cd7249b715e540e33f4fc13e1790b13a1e902b028ab 994 ssl-cert_1.0.29.dsc
 19c0e39f9deda84fb2814d89e40a00e59f69044405f2331e3756e7198658573e 23820 ssl-cert_1.0.29.tar.gz
 4610e7a0653b7262a519f29f55a10b1aa8e6932e0d115d2e1ee1af75574bcc26 15594 ssl-cert_1.0.29_all.deb
Files: 
 384286b2620ac35afb0bf4256e352387 994 utils optional ssl-cert_1.0.29.dsc
 9d5d3d12cb1e799513530272cc630930 23820 utils optional ssl-cert_1.0.29.tar.gz
 acaa4122c9009d55a6f76208937e987b 15594 utils optional ssl-cert_1.0.29_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFP05xJbxelr8HyTqQRAh0gAJsEjNkYLXYKGEVqNhbr19KdIO0ZagCeItj9
OmzZHggM94TQyOj244Lv15w=
=BgBI
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#628373: marked as done (Updated debconf PO Catalan translation for the package ssl-cert)
Next by Date: Bug#674598: marked as done (make-ssl-cert fails on long-named hosts)
Previous by thread: Bug#628373: marked as done (Updated debconf PO Catalan translation for the package ssl-cert)
Next by thread: Bug#674598: marked as done (make-ssl-cert fails on long-named hosts)
Index(es):
- Date
- Thread