pool/easy-rsa
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e5aba54ce6
easy-rsa/83a1a21.patch
Stefan Jakobs 69ef562811 Accepting request 518428 from home:oreinert:branches:network:vpn 
- Include upstream patches:
  + 4eac410.patch
     Fix string comprehension
  + a138c0d.patch
     Fix incorrect "openssl rand" usage
  + 83a1a21.patch
     Add --copy-ext option
- Include upstream patches:
  + d20d2b3.patch
     Update docs and examples to fit changes in 534f673
- Adapted easy-rsa-packaging.patch to work with upstream patch
- Include upstream patches:
  + 534f673.patch
     Make $PWD/pki the default PKI location
- Adapted easy-rsa-packaging.patch to work with upstream patch
- Treat /etc/easy-rsa as public default config, no default vars

OBS-URL: https://build.opensuse.org/request/show/518428
OBS-URL: https://build.opensuse.org/package/show/network:vpn/easy-rsa?expand=0&rev=10
2017-08-28 20:15:39 +00:00

53 lines
1.9 KiB
Diff
Raw Blame History

From 83a1a21e7a90e8666498dec2fa35ee5b8f67920c Mon Sep 17 00:00:00 2001
From: Eric F Crist <ecrist@secure-computing.net>
Date: Tue, 22 Aug 2017 20:52:26 -0500
Subject: [PATCH] Add --copy-ext option
Adding the --copy-ext option to copy request extension data. This will
resolve #60 and other Subject Alternative Name "issues" that have been
created.
Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
---
easyrsa3/easyrsa | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 81618d3..55de809 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -199,6 +199,7 @@ Certificate & Request options: (these impact cert/req field values)
./easyrsa help altname
--use-algo=ALG : crypto alg to use: choose rsa (default) or ec
--curve=NAME : for elliptic curve, sets the named curve to use
+--copy-ext : Copy included request X509 extensions (namely subjAltName
Organizational DN options: (only used with the 'org' DN mode)
(values may be blank for org DN options)
@@ -623,6 +624,8 @@ $(display_dn req "$req_in")
# Append first any COMMON file (if present) then the cert-type extensions
cat "$EASYRSA_EXT_DIR/COMMON"
cat "$EASYRSA_EXT_DIR/$crt_type"
+ # copy req extensions
+ [ $EASYRSA_CP_EXT ] && print "copy_extensions = copy"
# Support a dynamic CA path length when present:
[ "$crt_type" = "ca" ] && [ -n "$EASYRSA_SUBCA_LEN" ] && \
@@ -1063,6 +1066,7 @@ Note: using Easy-RSA configuration from: $vars"
set_var EASYRSA_TEMP_FILE_3 ""
set_var EASYRSA_REQ_CN ChangeMe
set_var EASYRSA_DIGEST sha256
+ set_var EASYRSA_CP_EXT 0
# Detect openssl config, preferring EASYRSA_PKI over EASYRSA
if [ -f "$EASYRSA_PKI/openssl-1.0.cnf" ]; then
@@ -1165,6 +1169,8 @@ while :; do
export EASYRSA_SUBCA_LEN="$val" ;;
--vars)
export EASYRSA_VARS_FILE="$val" ;;
+ --copy-ext)
+ export EASYRSA_CP_EXT=1 ;;
--subject-alt-name)
export EASYRSA_EXTRA_EXTS="\
$EASYRSA_EXTRA_EXTS
Reference in New Issue View Git Blame Copy Permalink