Package: ssl-cert Version: 1.0.28 Severity: wishlist
The attached patch adds optional support for an AltName string, which is useful for hosting multiple domains on the same IP address and for generating a WebID.
diff -ruN ssl-cert-1.0.28/debian/templates ssl-cert-1.0.28~0jones1/debian/templates
--- ssl-cert-1.0.28/debian/templates 2009-07-26 22:46:05.000000000 +0200
+++ ssl-cert-1.0.28~0jones1/debian/templates 2011-10-16 12:14:32.818316707 +0200
@@ -15,6 +15,19 @@
 .
 It will become the 'commonName' field of the generated SSL certificate.
+Template: make-ssl-cert/altname
+Type: string
+_Description: Alternative name(s):
+ Please enter any additional names to use in the SSL certificate.
+ .
+ It will become the 'altName' field of the generated SSL certificate.
+ .
+ Multiple alternative names should be delimited with comma and no space,
+ like this (adding a hostname, a WebID, an email address and an IPv4
+ address):
+ .
+ DNS:example.com,URI:http://example.com/joe#me,email:m...@example.com,IP:192.168.7.3
+
 Template: make-ssl-cert/title
 Type: title
 _Description: Configure an SSL Certificate.
diff -ruN ssl-cert-1.0.28/make-ssl-cert ssl-cert-1.0.28~0jones1/make-ssl-cert
--- ssl-cert-1.0.28/make-ssl-cert 2009-11-08 11:20:55.000000000 +0100
+++ ssl-cert-1.0.28~0jones1/make-ssl-cert 2011-10-16 12:59:28.159714146 +0200
@@ -27,6 +27,13 @@
 db_get make-ssl-cert/hostname
 HostName="$RET"
 db_fset make-ssl-cert/hostname seen false
+
+ db_fset make-ssl-cert/altname seen false
+ db_input high make-ssl-cert/altname || true
+ db_go
+ db_get make-ssl-cert/altname
+ AltName="$RET"
+ db_fset make-ssl-cert/altname seen false
 }
 make_snakeoil() {
@@ -41,6 +48,7 @@
 create_temporary_cnf() {
 sed -e s#@HostName@#"$HostName"# $template > $TMPFILE
+ [ -z "$AltName" ] || echo "subjectAltName=$AltName" >> $TMPFILE
 }
 # Takes two arguments, the base layout and the output cert.
diff -ruN ssl-cert-1.0.28/ssleay.cnf ssl-cert-1.0.28~0jones1/ssleay.cnf
--- ssl-cert-1.0.28/ssleay.cnf 2010-10-02 14:46:05.000000000 +0200
+++ ssl-cert-1.0.28~0jones1/ssleay.cnf 2011-10-16 13:00:19.979828213 +0200
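Review bot: The debconf answer is copied into `AltName` with no check on its form in the `@@ -27,6 +27,13 @@` hunk of make-ssl-cert, and the `create_temporary_cnf` hunk then writes it straight into the OpenSSL config. The value decides which identities the certificate asserts, and a malformed one is only noticed when openssl later rejects the config, or not noticed at all. A check right after `db_get` that refuses whitespace and the characters OpenSSL's config syntax gives a meaning to would catch this early. Whether to re-prompt or abort depends on the rest of the function, which starts outside the hunk, so the `exit 1` below is only a stand-in.

```shell
    db_get make-ssl-cert/altname
    AltName="$RET"
    # Refuse characters that have a meaning of their own in an OpenSSL
    # config value; the entries themselves are left for openssl to parse.
    case "$AltName" in
        *[[:space:]\"\\\$]*)
            echo "make-ssl-cert: unsupported character in alternative name(s)" >&2
            exit 1
            ;;
    esac
    # … unchanged: db_fset make-ssl-cert/altname seen false …
```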
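Review bot: The `echo "subjectAltName=$AltName"` line in `create_temporary_cnf` appends the value unquoted, so OpenSSL's config parser applies its own syntax to it. As far as I know an unquoted `#` starts a comment there, which would cut the template's own example off after `URI:http://example.com/joe` and silently drop the names that follow, and `$` triggers variable expansion. Writing the line as `printf 'subjectAltName="%s"\n' "$AltName" >> "$TMPFILE"` should keep the whole string and also avoids `echo` implementations that expand backslash escapes; the quoting behaviour is worth confirming against the OpenSSL version shipped. `AltName` is only assigned in the debconf hunk above, so setting `AltName=` near the top of the script (outside this hunk) would keep an inherited environment variable of that name from reaching this test on other code paths.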
@@ -10,6 +10,11 @@
 distinguished_name = req_distinguished_name
 prompt = no
 policy = policy_anything
+req_extensions = v3_req
+x509_extensions = v3_req
 [ req_distinguished_name ]
 commonName = @HostName@
+
+[ v3_req ]
+basicConstraints = CA:FALSE
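Review bot: The new `[ v3_req ]` section has to stay the last thing in this template, and nothing in the file says so. `create_temporary_cnf` in make-ssl-cert appends the `subjectAltName=` line to the end of the generated file, and it only takes effect if it lands in this section. A comment above the section would record that, e.g. `# make-ssl-cert appends subjectAltName= below; keep [ v3_req ] last`. Separately, `req_extensions` and `x509_extensions` now apply to every certificate built from this template, so certificates generated without alternative names also gain `basicConstraints = CA:FALSE`; that looks intended but is a behaviour change worth stating in the changelog.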