[GitHub] ant issue #65: Update manual for subject alternative name attribute of genke...
Github user jnsnkrllive commented on the issue: https://github.com/apache/ant/pull/65 Oops, sorry about the bad commits to CONTRIBUTORS and others. I'm still trying to figure out the best way to do this stuff on GitHub. Thanks for picking up the one good commit to merge. --- - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
[GitHub] ant issue #64: Add support for SAN extension in GenerateKey task
Github user jnsnkrllive commented on the issue: https://github.com/apache/ant/pull/64 @jaikiran Yes, I have submitted PR #65 for the update to the manual. --- - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
[GitHub] ant pull request #65: Update manual for subject alternative name attribute o...
GitHub user jnsnkrllive opened a pull request: https://github.com/apache/ant/pull/65 Update manual for subject alternative name attribute of genkey task You can merge this pull request into a Git repository by running: $ git pull https://github.com/jnsnkrllive/ant 1.9.x Alternatively you can review and apply these changes as the patch at: https://github.com/apache/ant/pull/65.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #65 commit c8a4fec0ae6d858b602b3d7778807abe5be5276a Author: Karl Jansen Date: 2018-07-16T22:42:34Z Update manual for subject alternative name attribute of genkey task --- - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
[GitHub] ant pull request #64: Add support for SAN extension in GenerateKey task
Github user jnsnkrllive commented on a diff in the pull request:
https://github.com/apache/ant/pull/64#discussion_r202364682
--- Diff: src/main/org/apache/tools/ant/taskdefs/GenerateKey.java ---
@@ -413,6 +429,16 @@ public void execute() throws BuildException {
sb.append("\" ");
}
+if (useExtension) {
+sb.append("-ext ");
--- End diff --
Hey @jaikiran, thanks for pointing that out. I agree, `useExtension` isn't
necessary right now since only 1 extension is being supported. I'll fix this
now.
This mechanism or something similar/better can be introduced when we add
support for another extension sometime in the future, when it's actually needed.
---
-
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
[GitHub] ant pull request #64: Add support for SAN extension in GenerateKey task
Github user jnsnkrllive commented on a diff in the pull request:
https://github.com/apache/ant/pull/64#discussion_r202096699
--- Diff: src/main/org/apache/tools/ant/taskdefs/GenerateKey.java ---
@@ -413,6 +429,16 @@ public void execute() throws BuildException {
sb.append("\" ");
}
+if (useExtension) {
+sb.append("-ext ");
--- End diff --
Good question. I did some testing and here's what I found:
keytool would fail if we pass "-ext" without a name.
`keytool -genkey -alias "keystorename" -keystore "keystorename" -storepass
"secret" -keypass "secret" -ext`
> Command option -ext needs an argument.
However, we won't ever append "-ext" without also appending a name too.
Currently the only way to append "-ext" is when useExtension is true, which
only happens if the sname attribute is included in the definition AND the java
version is 1.7 or higher.
keytool works fine if the saname attribute is not included in the
definition. "useExtension" would be false (because "setSaname" would never get
called) and it'd skip over the code block beginning on line 432.
However, keytool throws an exception if saname="" is used in the definition
`[genkey] keytool error: java.lang.Exception: Illegal item in san=`
This definition of the task doesn't meet the requirements specified by
keytool. Should ant handle this differently or defer to keytool for handing the
invalid use? It doesn't look like we are doing any special validation on the
other arguments (e.g. "sigalg" which is just a string in this Task but keytool
only accepts certain values for that string).
---
-
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
