openssl-little-CA: notice/warning about stripped SubjectAltName
This commit is contained in:
parent
29fc33a8e7
commit
a16e070883
1 changed files with 7 additions and 0 deletions
|
@ -177,6 +177,13 @@ case $1 in
|
||||||
exit $RET
|
exit $RET
|
||||||
;;
|
;;
|
||||||
-sign|-signreq)
|
-sign|-signreq)
|
||||||
|
# Display a notice/warning when copy_extensions is disabled/enabled
|
||||||
|
# FIXME: we grep on the whole openssl.cnf file instead of just the 'ca' -> 'CA_default' section
|
||||||
|
if grep -q '^[[:space:]]*copy_extensions[[:space:]]*=[[:space:]]*copy' $( echo "$SSLEAY_CONFIG" | sed 's/-config//' ); then
|
||||||
|
echo "warning: copy_extensions is enabled, read the certificate carefully before signing."
|
||||||
|
else
|
||||||
|
echo "notice: copy_extensions disabled, extension such as SubjectAltName will be stripped."
|
||||||
|
fi
|
||||||
$CA -policy policy_anything -out newcert.pem -days "$DAYS" -infiles newreq.pem
|
$CA -policy policy_anything -out newcert.pem -days "$DAYS" -infiles newreq.pem
|
||||||
RET=$?
|
RET=$?
|
||||||
cat newcert.pem
|
cat newcert.pem
|
||||||
|
|
Loading…
Reference in a new issue