Bug#832036: ssl-cert: no easy way to have make-ssl-cert use a subjectAltName

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#832036: ssl-cert: no easy way to have make-ssl-cert use a subjectAltName
From: David Magda <david.magda@oicr.on.ca>
Date: Thu, 21 Jul 2016 11:52:24 -0400
Message-id: <[🔎] 20160721155224.10256.548.reportbug@bioinformatics-ca-lists1.oicr.on.ca>
Reply-to: David Magda <david.magda@oicr.on.ca>, 832036@bugs.debian.org

Package: ssl-cert
Version: 1.0.35
Severity: wishlist

The make-ssl-cert(8) utility has a bunch of things it can get from
debconf:

  make-ssl-cert/vulnerable_prng:
  make-ssl-cert/altname:
  make-ssl-cert/hostname:
  make-ssl-cert/title:

These are used in the ask_via_debconf() function.

So it's possible it EITHER:
* put a SAN in the certificate, OR
* easily generate a 'snakeoil' cert that all/most Debian packages
  are pre-configured to use

Perhaps a "make-ssl-cert/always-debconf" could be added, and then test
for its value: if true then call ask_via_debconf(), otherwise use
make_snakeoil() like now.


-- System Information:
Debian Release: 8.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ssl-cert depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.56
ii  openssl                1.0.1t-1+deb8u2

ssl-cert recommends no packages.

Versions of packages ssl-cert suggests:
pn  openssl-blacklist  <none>

-- debconf information excluded

Reply to:

Prev by Date: apache2_2.4.10-10+deb8u5_amd64.changes ACCEPTED into proposed-updates->stable-new
Next by Date: Processing of apache2_2.4.23-2_amd64.changes
Previous by thread: apache2_2.4.10-10+deb8u5_amd64.changes ACCEPTED into proposed-updates->stable-new
Next by thread: Processing of apache2_2.4.23-2_amd64.changes
Index(es):
- Date
- Thread