From: ale <ale@incal.net>
Date: Wed, 8 Feb 2012 11:13:28 +0000 (+0000)
Subject: correctly set the email as subjectAltName of the CA certificate only; do not add... 
X-Git-Url: https://v.licheni.net/stack/cam.git/commitdiff_plain/d81c4cdb7c84ab895b7d657a09211fd4d3d23de9?ds=sidebyside

correctly set the email as subjectAltName of the CA certificate only; do not add it to the DN
---

diff --git a/cam/templates/ext_config b/cam/templates/ext_config
index 8a193b5..161933c 100644
--- a/cam/templates/ext_config
+++ b/cam/templates/ext_config
@@ -13,7 +13,6 @@ crlDistributionPoints   = @cdp_section
 
 [ subject_alt_name ]
 %(alt_names)s
-email = copy
 
 [ cdp_section ]
 URI.1 = %(crl_url)s
diff --git a/cam/templates/openssl_config b/cam/templates/openssl_config
index 4583fca..4d97548 100644
--- a/cam/templates/openssl_config
+++ b/cam/templates/openssl_config
@@ -27,7 +27,7 @@ countryName             = supplied
 organizationName        = supplied
 organizationalUnitName  = optional
 commonName              = supplied
-emailAddress            = supplied
+emailAddress            = optional
 
 [ policy_anything ]
 countryName             = optional
@@ -56,9 +56,6 @@ organizationalUnitName_default  = "%(ou)s"
 commonName                      = Common Name
 commonName_max                  = 64
 commonName_default              = "%(cn)s"
-emailAddress                    = Email Address
-emailAddress_max                = 60
-emailAddress_default            = "%(email)s"
 SET-ex3                         = SET extension number 3
 
 [ req_attributes ]
@@ -72,6 +69,8 @@ basicConstraints        = critical, CA:true
 keyUsage                = cRLSign, keyCertSign
 nsCertType              = sslCA, emailCA, objCA
 nsComment               = "%(cn)s"
-subjectAltName          = email:copy
+subjectAltName          = @ca_alt_name
 issuerAltName           = issuer:copy
 
+[ ca_alt_name ]
+email = "%(email)s"