Robert Hannemann wrote:
> The problem is, I want to generate a CA Certificate with an E-Mail but
> not with the E-Mail in the DN. How to do this? The CA-Certificate
> generation process doesn't need the configure-files? - but where can I
> set the option: CA-Cert DN without the E-Mail?

On a related problem there seems to be a problem with the option
DN_WITHOUT_EMAIL "Y". After recent changes it stopped working
correctly, since environment variable subjectAltName is not
set properly.
I attach a patch that shows a quick fix for that, but I don't
think it is the right solution.
Julio
Index: openca-0.9/src/cgi-bin/cmds/issueCertificate
===================================================================
RCS file: /cvsroot/openca/openca-0.9/src/cgi-bin/cmds/issueCertificate,v
retrieving revision 1.2
diff -u -u -r1.2 issueCertificate
--- openca-0.9/src/cgi-bin/cmds/issueCertificate 23 May 2002 10:44:04 -0000
1.2
+++ openca-0.9/src/cgi-bin/cmds/issueCertificate 30 May 2002 11:17:43 -0000
@@ -131,7 +131,9 @@
}
## filter email if necessary
+my $email;
if ( getRequired ('DN_WITHOUT_EMAIL') =~ /Y|YES|ON/i ) {
+ $email = $req->getParsed()->{EMAILADDRESS};
$cert_subject =~ s/^\s*EMAIL\s*=[^,]*,\s*//i;
$cert_subject =~ s/^\s*EMAILADDRESS\s*=[^,]*,\s*//i;
$cert_subject =~ s/,\s*EMAIL\s*=[^,]*//i;
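Review bot: `$email` is read only from `{EMAILADDRESS}` of the parsed request, while the substitutions in this block strip both `EMAIL=` and `EMAILADDRESS=` components from `$cert_subject`. Unless getParsed() normalises both spellings to that one key, a request whose subject carries the address as `EMAIL` loses it from the DN and leaves `$email` undefined, so nothing is left to copy into subjectAltName later. Consider capturing the address from whichever component is actually removed, or falling back to the other key when `{EMAILADDRESS}` is empty.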
@@ -144,6 +146,7 @@
}
print "issueCertificate: \$cert_subject: ".$cert_subject."<br>\n" if ($DEBUG);
+print "issueCertificate: \$email: ".$email."<br>\n" if ($DEBUG);
## Check if there are certificates with the same DN
@certList = $db->searchItems( DATATYPE=>"VALID_CERTIFICATE",
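Review bot: the added debug line concatenates `$email` unconditionally, but `$email` is assigned only inside the DN_WITHOUT_EMAIL branch, so with `$DEBUG` on and the option off it prints an undefined value (and warns under -w). Guard it, for example `if ($DEBUG and defined $email)`. The value comes from the request and is written into the HTML output as-is, so it should also be HTML-escaped before printing.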
@@ -158,9 +161,13 @@
# * preserveDN is not recommended by openssl develeopers
if ( $req->getParsed()->{HEADER}->{SUBJECT_ALT_NAME} ) {
$ENV{'subjectAltName'} = $req->getParsed()->{HEADER}->{SUBJECT_ALT_NAME};
+} elsif ( $email ) {
+ $ENV{'subjectAltName'} = "email:$email";
} else {
$ENV{'subjectAltName'} = "";
}
+
+print "issueCertificate: subjectAltName: ".$ENV{subjectAltName}."<br>\n" if ($DEBUG);
## creating backup-files for openssl
if ( not $tools->copyFiles (SRC => getRequired ('sslindex'),
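Review bot: in the new `elsif` branch, `"email:$email"` copies the address from the request into `$ENV{'subjectAltName'}` without any check. If this variable is substituted into the OpenSSL extension configuration, as the surrounding comment suggests, the value is read as a comma-separated list of `type:value` entries, so an address containing a comma or whitespace would change what ends up in the issued certificate's extension. Validate `$email` against a strict address pattern and refuse to issue when it does not match. Separately, this branch only runs when the request has no SUBJECT_ALT_NAME header; when the header is present the stripped address is not added to it, so DN_WITHOUT_EMAIL still drops the e-mail in that case.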