openssl-little-CA: notice/warning about stripped SubjectAltName
This commit is contained in:
parent
29fc33a8e7
commit
a16e070883
1 changed files with 7 additions and 0 deletions
|
|
@ -177,6 +177,13 @@ case $1 in
|
|||
exit $RET
|
||||
;;
|
||||
-sign|-signreq)
|
||||
# Display a notice/warning when copy_extensions is disabled/enabled
|
||||
# FIXME: we grep on the whole openssl.cnf file instead of just the 'ca' -> 'CA_default' section
|
||||
if grep -q '^[[:space:]]*copy_extensions[[:space:]]*=[[:space:]]*copy' $( echo "$SSLEAY_CONFIG" | sed 's/-config//' ); then
|
||||
echo "warning: copy_extensions is enabled, read the certificate carefully before signing."
|
||||
else
|
||||
echo "notice: copy_extensions disabled, extension such as SubjectAltName will be stripped."
|
||||
fi
|
||||
$CA -policy policy_anything -out newcert.pem -days "$DAYS" -infiles newreq.pem
|
||||
RET=$?
|
||||
cat newcert.pem
|
||||
|
|
|
|||
Loading…
Reference in a new issue