For some applications, it is desirable to have full control of the common name field in generated certificates. Add a command-line option to suppress appending " id:<uuid-or-date>" to the user-specified name.
Signed-off-by: Lance Richardson <[email protected]> --- v3: New patch. utilities/ovs-pki.8.in | 9 +++++++++ utilities/ovs-pki.in | 16 +++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/utilities/ovs-pki.8.in b/utilities/ovs-pki.8.in index 9c3019b..a1bcc11 100644 --- a/utilities/ovs-pki.8.in +++ b/utilities/ovs-pki.8.in @@ -48,6 +48,8 @@ The available options are: .br [\fB\-l\fR \fIfile\fR | \fB\-\^\-log=\fIfile\fR] .br +[\fB\-u\fR | \fB\-\^\-unique\fR] +.br [\fB\-h\fR | \fB\-\^\-help\fR] .sp Some options do not apply to every command. @@ -233,6 +235,13 @@ directories. This option overrides this behavior. Sets the log file to \fIfile\fR. Default: \fB@LOGDIR@/ovs\-pki.log\fR. +.IP "\fB\-u\fR" +.IQ "\fB\-\^\-unique\fR" +Changes the format of the certificate's Common Name (CN) field; by +default, this field has the format "<name> id:<uuid-or-date>", this +option causes the provided name to be treated as unique and changes +the format of the CN field to be simply "<name>". + .IP "\fB\-h\fR" .IQ "\fB\-\^\-help\fR" Prints a help usage message and exits. diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in index 7a992a5..d5ce1dc 100755 --- a/utilities/ovs-pki.in +++ b/utilities/ovs-pki.in @@ -21,6 +21,7 @@ command= prev= force=no batch=no +unique_name=no log='@LOGDIR@/ovs-pki.log' keytype=rsa bits=2048 @@ -110,6 +111,7 @@ Options that apply to any command: (default: $pkidir) -f, --force Continue even if file or directory already exists -l, --log=FILE Log openssl output to FILE (default: ovs-log.log) + -u, --unique NAME is unique (don't append UUID/date) -h, --help Print this usage message. -V, --version Display version information. EOF @@ -155,6 +157,9 @@ EOF --ba*|-b) batch=yes ;; + --un*|-u) + unique_name=yes + ;; -*) echo "unrecognized option $option" >&2 exit 1 
@@ -429,8 +434,13 @@ make_request() { must_not_exist "$arg1-privkey.pem" must_not_exist "$arg1-req.pem" make_tmpdir - # Use uuidgen or date to create unique subject DNs. - unique=`(uuidgen) 2>/dev/null` || unique=`date +"%Y %b %d %T"` + if test $unique_name != yes; then + # Use uuidgen or date to create unique subject DNs. + unique=`(uuidgen) 2>/dev/null` || unique=`date +"%Y %b %d %T"` + cn="$arg1 id:$unique" + else + cn="$arg1" + fi cat > "$TMP/req.cnf" <<EOF [ req ] prompt = no @@ -442,7 +452,7 @@ ST = CA L = Palo Alto O = Open vSwitch OU = Open vSwitch certifier -CN = $arg1 id:$unique +CN = $cn EOF if test $keytype = rsa; then (umask 077 && openssl genrsa -out "$1-privkey.pem" $bits) 1>&3 2>&3 \ -- 2.7.4 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
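
Review bot: In the utilities/ovs-pki.8.in hunk at @@ -233,6 +235,13 @@, the new -u/--unique text does not say what the user takes on by choosing the option. The script comment on the code it bypasses says the suffix exists "to create unique subject DNs", so the man page should state that with -u the caller is responsible for keeping names unique across requests. The sentence is also a comma splice ("..., this option causes ..."); splitting it into two sentences would read better.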
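
Review bot: In the option-parsing hunk of utilities/ovs-pki.in at @@ -155,6 +157,9 @@, the pattern `--un*|-u)` accepts any long option that begins with "--un", so a mistyped option with that prefix sets unique_name=yes instead of falling through to the "unrecognized option" branch. This matches the existing `--ba*|-b)` style, but because this flag changes what goes into the certificate subject, a tighter pattern such as `--uniq*|-u)` would be safer.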
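
Review bot: In the make_request() hunk at @@ -429,8 +434,13 @@, the else branch sets cn="$arg1" with no remaining uniqueness guard on the subject: the must_not_exist checks shown only cover "$arg1-privkey.pem" and "$arg1-req.pem", so two requests made from different directories can carry the same CN. If that is the intended contract, a comment on the else branch saying so would help the next reader, since the retained comment still reads "create unique subject DNs". As a style point, quoting the variable in the test (`if test "$unique_name" != yes; then`) would keep the test well-formed even if the variable were ever empty.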
