easy-rsa/83a1a21.patch

From 83a1a21e7a90e8666498dec2fa35ee5b8f67920c Mon Sep 17 00:00:00 2001
From: Eric F Crist <ecrist@secure-computing.net>
Date: Tue, 22 Aug 2017 20:52:26 -0500
Subject: [PATCH] Add --copy-ext option

Adding the --copy-ext option to copy request extension data.  This will
resolve #60 and other Subject Alternative Name "issues" that have been
created.

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
---
 easyrsa3/easyrsa | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 81618d3..55de809 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -199,6 +199,7 @@ Certificate & Request options: (these impact cert/req field values)
                      ./easyrsa help altname
 --use-algo=ALG  : crypto alg to use: choose rsa (default) or ec
 --curve=NAME    : for elliptic curve, sets the named curve to use
+--copy-ext      : Copy included request X509 extensions (namely subjAltName
 
 Organizational DN options: (only used with the 'org' DN mode)
   (values may be blank for org DN options)
@@ -623,6 +624,8 @@ $(display_dn req "$req_in")
 		# Append first any COMMON file (if present) then the cert-type extensions
 		cat "$EASYRSA_EXT_DIR/COMMON"
 		cat "$EASYRSA_EXT_DIR/$crt_type"
+		# copy req extensions
+		[ $EASYRSA_CP_EXT ] && print "copy_extensions = copy"
 
 		# Support a dynamic CA path length when present:
 		[ "$crt_type" = "ca" ] && [ -n "$EASYRSA_SUBCA_LEN" ] && \
@@ -1063,6 +1066,7 @@ Note: using Easy-RSA configuration from: $vars"
 	set_var EASYRSA_TEMP_FILE_3	""
 	set_var EASYRSA_REQ_CN		ChangeMe
 	set_var EASYRSA_DIGEST		sha256
+	set_var EASYRSA_CP_EXT		0
 
 	# Detect openssl config, preferring EASYRSA_PKI over EASYRSA
 	if [ -f "$EASYRSA_PKI/openssl-1.0.cnf" ]; then
@@ -1165,6 +1169,8 @@ while :; do
 		export EASYRSA_SUBCA_LEN="$val" ;;
 	--vars)
 		export EASYRSA_VARS_FILE="$val" ;;
+	--copy-ext)
+		export EASYRSA_CP_EXT=1 ;;
 	--subject-alt-name)
 		export EASYRSA_EXTRA_EXTS="\
 $EASYRSA_EXTRA_EXTS
Accepting request 518428 from home:oreinert:branches:network:vpn - Include upstream patches: + 4eac410.patch Fix string comprehension + a138c0d.patch Fix incorrect "openssl rand" usage + 83a1a21.patch Add --copy-ext option - Include upstream patches: + d20d2b3.patch Update docs and examples to fit changes in 534f673 - Adapted easy-rsa-packaging.patch to work with upstream patch - Include upstream patches: + 534f673.patch Make $PWD/pki the default PKI location - Adapted easy-rsa-packaging.patch to work with upstream patch - Treat /etc/easy-rsa as public default config, no default vars OBS-URL: https://build.opensuse.org/request/show/518428 OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=10 2017-08-28 22:15:39 +02:00			`From 83a1a21e7a90e8666498dec2fa35ee5b8f67920c Mon Sep 17 00:00:00 2001`
			`From: Eric F Crist <ecrist@secure-computing.net>`
			`Date: Tue, 22 Aug 2017 20:52:26 -0500`
			`Subject: [PATCH] Add --copy-ext option`

			`Adding the --copy-ext option to copy request extension data. This will`
			`resolve #60 and other Subject Alternative Name "issues" that have been`
			`created.`

			`Signed-off-by: Eric F Crist <ecrist@secure-computing.net>`
			`---`
			`easyrsa3/easyrsa \| 6 ++++++`
			`1 file changed, 6 insertions(+)`

			`diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa`
			`index 81618d3..55de809 100755`
			`--- a/easyrsa3/easyrsa`
			`+++ b/easyrsa3/easyrsa`
			`@@ -199,6 +199,7 @@ Certificate & Request options: (these impact cert/req field values)`
			`./easyrsa help altname`
			`--use-algo=ALG : crypto alg to use: choose rsa (default) or ec`
			`--curve=NAME : for elliptic curve, sets the named curve to use`
			`+--copy-ext : Copy included request X509 extensions (namely subjAltName`

			`Organizational DN options: (only used with the 'org' DN mode)`
			`(values may be blank for org DN options)`
			`@@ -623,6 +624,8 @@ $(display_dn req "$req_in")`
			`# Append first any COMMON file (if present) then the cert-type extensions`
			`cat "$EASYRSA_EXT_DIR/COMMON"`
			`cat "$EASYRSA_EXT_DIR/$crt_type"`
			`+ # copy req extensions`
			`+ [ $EASYRSA_CP_EXT ] && print "copy_extensions = copy"`

			`# Support a dynamic CA path length when present:`
			`[ "$crt_type" = "ca" ] && [ -n "$EASYRSA_SUBCA_LEN" ] && \`
			`@@ -1063,6 +1066,7 @@ Note: using Easy-RSA configuration from: $vars"`
			`set_var EASYRSA_TEMP_FILE_3 ""`
			`set_var EASYRSA_REQ_CN ChangeMe`
			`set_var EASYRSA_DIGEST sha256`
			`+ set_var EASYRSA_CP_EXT 0`

			`# Detect openssl config, preferring EASYRSA_PKI over EASYRSA`
			`if [ -f "$EASYRSA_PKI/openssl-1.0.cnf" ]; then`
			`@@ -1165,6 +1169,8 @@ while :; do`
			`export EASYRSA_SUBCA_LEN="$val" ;;`
			`--vars)`
			`export EASYRSA_VARS_FILE="$val" ;;`
			`+ --copy-ext)`
			`+ export EASYRSA_CP_EXT=1 ;;`
			`--subject-alt-name)`
			`export EASYRSA_EXTRA_EXTS="\`
			`$EASYRSA_EXTRA_EXTS`