Bug#832036: ssl-cert: no easy way to have make-ssl-cert use a subjectAltName
Package: ssl-cert
Version: 1.0.35
Severity: wishlist
The make-ssl-cert(8) utility has a bunch of things it can get from
debconf:
make-ssl-cert/vulnerable_prng:
make-ssl-cert/altname:
make-ssl-cert/hostname:
make-ssl-cert/title:
These are used in the ask_via_debconf() function.
So it's possible it EITHER:
* put a SAN in the certificate, OR
* easily generate a 'snakeoil' cert that all/most Debian packages
are pre-configured to use
Perhaps a "make-ssl-cert/always-debconf" could be added, and then test
for its value: if true then call ask_via_debconf(), otherwise use
make_snakeoil() like now.
-- System Information:
Debian Release: 8.5
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages ssl-cert depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.56
ii openssl 1.0.1t-1+deb8u2
ssl-cert recommends no packages.
Versions of packages ssl-cert suggests:
pn openssl-blacklist <none>
-- debconf information excluded
Reply to: