--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ssl-cert: Please support AltName
- From: Jonas Smedegaard <dr@jones.dk>
- Date: Sun, 16 Oct 2011 17:08:38 +0200
- Message-id: <20111016150838.9777.44803.reportbug@localhost.localdomain>
Package: ssl-cert
Version: 1.0.28
Severity: wishlist
Attached patch provides support for optionally adding AltName string -
useful for hosting multiple domains on same IP, and for generating a
WebID.
diff -ruN ssl-cert-1.0.28/debian/templates ssl-cert-1.0.28~0jones1/debian/templates
--- ssl-cert-1.0.28/debian/templates 2009-07-26 22:46:05.000000000 +0200
+++ ssl-cert-1.0.28~0jones1/debian/templates 2011-10-16 12:14:32.818316707 +0200
@@ -15,6 +15,19 @@
.
It will become the 'commonName' field of the generated SSL certificate.
+Template: make-ssl-cert/altname
+Type: string
+_Description: Alternative name(s):
+ Please enter any additional names to use in the SSL certificate.
+ .
+ It will become the 'altName' field of the generated SSL certificate.
+ .
+ Multiple alternative names should be delimited with comma and no space,
+ like this (adding a hostname, a WebID, an email address and an IPv4
+ address):
+ .
+ DNS:example.com,URI:http://example.com/joe#me,email:me@example.com,IP:192.168.7.3
+
Template: make-ssl-cert/title
Type: title
_Description: Configure an SSL Certificate.
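Review bot: The added description says the value will become the 'altName' field, but what make-ssl-cert writes is a subjectAltName= line, and that is an X.509v3 extension rather than a field. Calling it the "subjectAltName extension" here would match what ends up in the certificate. The text should also say that the answer may be left empty, and that the host name from the previous question has to be repeated as a DNS: entry: clients that find DNS names in subjectAltName match against those and not against commonName, and the make-ssl-cert change writes only what the user typed.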
diff -ruN ssl-cert-1.0.28/make-ssl-cert ssl-cert-1.0.28~0jones1/make-ssl-cert
--- ssl-cert-1.0.28/make-ssl-cert 2009-11-08 11:20:55.000000000 +0100
+++ ssl-cert-1.0.28~0jones1/make-ssl-cert 2011-10-16 12:59:28.159714146 +0200
@@ -27,6 +27,13 @@
db_get make-ssl-cert/hostname
HostName="$RET"
db_fset make-ssl-cert/hostname seen false
+
+ db_fset make-ssl-cert/altname seen false
+ db_input high make-ssl-cert/altname || true
+ db_go
+ db_get make-ssl-cert/altname
+ AltName="$RET"
+ db_fset make-ssl-cert/altname seen false
}
make_snakeoil() {
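Review bot: AltName is taken from db_get make-ssl-cert/altname and used as-is; nothing after AltName="$RET" checks that the answer has the form the template documents (comma-separated DNS:, URI:, email: and IP: entries, no spaces). A typo then shows up only later, as an openssl error on the temporary config or as a certificate carrying names the administrator did not intend. A check at this point that rejects whitespace and unknown prefixes and asks the question again would catch it where the user can still correct it.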
@@ -41,6 +48,7 @@
create_temporary_cnf() {
sed -e s#@HostName@#"$HostName"# $template > $TMPFILE
+ [ -z "$AltName" ] || echo "subjectAltName=$AltName" >> $TMPFILE
}
# Takes two arguments, the base layout and the output cert.
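Review bot: The added echo in create_temporary_cnf appends subjectAltName= to the end of $TMPFILE, so the line lands in whatever section happens to be last in the template. That works with the ssleay.cnf in this patch because [ v3_req ] is the final section, but a section added after it later would silently receive the line and the names would no longer reach the certificate as an extension. A placeholder inside [ v3_req ], filled in by the existing sed call and dropped when AltName is empty, would remove the ordering dependency. $TMPFILE should also be quoted in the redirection.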
diff -ruN ssl-cert-1.0.28/ssleay.cnf ssl-cert-1.0.28~0jones1/ssleay.cnf
--- ssl-cert-1.0.28/ssleay.cnf 2010-10-02 14:46:05.000000000 +0200
+++ ssl-cert-1.0.28~0jones1/ssleay.cnf 2011-10-16 13:00:19.979828213 +0200
@@ -10,6 +10,11 @@
distinguished_name = req_distinguished_name
prompt = no
policy = policy_anything
+req_extensions = v3_req
+x509_extensions = v3_req
[ req_distinguished_name ]
commonName = @HostName@
+
+[ v3_req ]
+basicConstraints = CA:FALSE
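Review bot: req_extensions and x509_extensions are set unconditionally, so every certificate generated from this template now carries basicConstraints = CA:FALSE, including those where no alternative name was entered. That is a behaviour change beyond the AltName feature and deserves its own line in the changelog. Since make-ssl-cert appends subjectAltName to the end of the file, a comment above [ v3_req ] stating that it must remain the last section would also help.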
--- End Message ---
--- Begin Message ---
Source: ssl-cert
Source-Version: 1.0.29
We believe that the bug you reported is fixed in the latest version of
ssl-cert, which is due to be installed in the Debian FTP archive:
ssl-cert_1.0.29.dsc
to main/s/ssl-cert/ssl-cert_1.0.29.dsc
ssl-cert_1.0.29.tar.gz
to main/s/ssl-cert/ssl-cert_1.0.29.tar.gz
ssl-cert_1.0.29_all.deb
to main/s/ssl-cert/ssl-cert_1.0.29_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 645515@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated ssl-cert package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.8
Date: Sat, 09 Jun 2012 20:33:07 +0200
Source: ssl-cert
Binary: ssl-cert
Architecture: source all
Version: 1.0.29
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
ssl-cert - simple debconf wrapper for OpenSSL
Closes: 628373 645515 674598
Changes:
ssl-cert (1.0.29) unstable; urgency=low
.
* Add support for subject alternative names. Thanks to Jonas Smedegaard for
the patch. Closes: #645515
(Sorry to all translators for adding a template so close to the freeze.)
* For "make-ssl-cert generate-default-snakeoil", if the FQDN is too long,
put it in the SubjAltName and use the simple hostname as CN.
Closes: #674598
* Add Catalan translation. Thanks to Innocent De Marchi. Closes: #628373
* Bump Standards-Version (no changes).
* Switch VCS to git
* Fix lintian warnings about build-arch/build-indep targets in debian/rules.
--- End Message ---