v.licheni.net / stack / cam.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: a3143f4)
correctly set the email as subjectAltName of the CA certificate only; do not add...
authorale <ale@incal.net>
Wed, 8 Feb 2012 11:13:28 +0000 (11:13 +0000)
committerale <ale@incal.net>
Wed, 8 Feb 2012 11:13:28 +0000 (11:13 +0000)
cam/templates/ext_config patch | blob | history
cam/templates/openssl_config patch | blob | history

diff --git a/cam/templates/ext_config b/cam/templates/ext_config
index 8a193b5..161933c 100644 (file)
--- a/cam/templates/ext_config
+++ b/cam/templates/ext_config
@@ -13,7 +13,6 @@ crlDistributionPoints   = @cdp_section
 
 [ subject_alt_name ]
 %(alt_names)s
 
 [ subject_alt_name ]
 %(alt_names)s
-email = copy
 
 [ cdp_section ]
 URI.1 = %(crl_url)s
 
 [ cdp_section ]
 URI.1 = %(crl_url)s
diff --git a/cam/templates/openssl_config b/cam/templates/openssl_config
index 4583fca..4d97548 100644 (file)
--- a/cam/templates/openssl_config
+++ b/cam/templates/openssl_config
@@ -27,7 +27,7 @@ countryName             = supplied
 organizationName        = supplied
 organizationalUnitName  = optional
 commonName              = supplied
 organizationName        = supplied
 organizationalUnitName  = optional
 commonName              = supplied
-emailAddress            = supplied
+emailAddress            = optional
 
 [ policy_anything ]
 countryName             = optional
 
 [ policy_anything ]
 countryName             = optional
@@ -56,9 +56,6 @@ organizationalUnitName_default  = "%(ou)s"
 commonName                      = Common Name
 commonName_max                  = 64
 commonName_default              = "%(cn)s"
 commonName                      = Common Name
 commonName_max                  = 64
 commonName_default              = "%(cn)s"
-emailAddress                    = Email Address
-emailAddress_max                = 60
-emailAddress_default            = "%(email)s"
 SET-ex3                         = SET extension number 3
 
 [ req_attributes ]
 SET-ex3                         = SET extension number 3
 
 [ req_attributes ]
@@ -72,6 +69,8 @@ basicConstraints        = critical, CA:true
 keyUsage                = cRLSign, keyCertSign
 nsCertType              = sslCA, emailCA, objCA
 nsComment               = "%(cn)s"
 keyUsage                = cRLSign, keyCertSign
 nsCertType              = sslCA, emailCA, objCA
 nsComment               = "%(cn)s"
-subjectAltName          = email:copy
+subjectAltName          = @ca_alt_name
 issuerAltName           = issuer:copy
 
 issuerAltName           = issuer:copy
 
+[ ca_alt_name ]
+email = "%(email)s"