1
0
Fork 0

openssl-little-CA: notice/warning about stripped SubjectAltName

This commit is contained in:
Chl 2023-10-03 20:27:58 +02:00
parent 29fc33a8e7
commit a16e070883

View file

@ -177,6 +177,13 @@ case $1 in
exit $RET exit $RET
;; ;;
-sign|-signreq) -sign|-signreq)
# Display a notice/warning when copy_extensions is disabled/enabled
# FIXME: we grep on the whole openssl.cnf file instead of just the 'ca' -> 'CA_default' section
if grep -q '^[[:space:]]*copy_extensions[[:space:]]*=[[:space:]]*copy' $( echo "$SSLEAY_CONFIG" | sed 's/-config//' ); then
echo "warning: copy_extensions is enabled, read the certificate carefully before signing."
else
echo "notice: copy_extensions disabled, extension such as SubjectAltName will be stripped."
fi
$CA -policy policy_anything -out newcert.pem -days "$DAYS" -infiles newreq.pem $CA -policy policy_anything -out newcert.pem -days "$DAYS" -infiles newreq.pem
RET=$? RET=$?
cat newcert.pem cat newcert.pem