From e4c9b5ed363289cf43f6d112f64ea6a9ade23a33 Mon Sep 17 00:00:00 2001 From: David Rios Date: Thu, 19 Sep 2019 14:40:45 -0300 Subject: [PATCH 1/2] Copy Subject Alternative Name from REQ. Fixes #218 --- easyrsa3/easyrsa | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index aa5d317..4bebaf1 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -853,9 +853,18 @@ $(display_dn req "$req_in") # add one to the extensions file if [ "$crt_type" = 'server' ] || [ "$crt_type" = 'serverClient' ]; then - echo "$EASYRSA_EXTRA_EXTS" | - grep -q subjectAltName || - default_server_san "$req_in" + echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName + if [ $? -ne 0 ]; + then + san=$(display_san req "$req_in") + + if [ -n "$san" ]; + then + print "subjectAltName = $san" + else + default_server_san "$req_in" + fi + fi fi # Add any advanced extensions supplied by env-var: @@ -1390,10 +1399,34 @@ Failed to perform update-db: see above for related openssl errors." return 0 } # => update_db() +display_san() { + format="$1" path="$2" + + echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName + + if [ $? -eq 0 ]; then + print "$(echo "$EASYRSA_EXTRA_EXTS" | grep subjectAltName | sed 's/^\s*subjectAltName\s*=\s*//')" + else + san=$( + "$EASYRSA_OPENSSL" "$format" -in "$path" -noout -text | + sed -n "/X509v3 Subject Alternative Name:/{n;s/ //g;p;}" + ) + + [ -n "$san" ] && print "$san" + fi +} + # display cert DN info on a req/X509, passed by full pathname display_dn() { format="$1" path="$2" print "$("$EASYRSA_OPENSSL" "$format" -in "$path" -noout -subject -nameopt multiline)" + san=$(display_san "$1" "$2") + if [ -n "$san" ]; then + print "" + print "X509v3 Subject Alternative Name:" + print " $san" + fi + } # => display_dn() # generate default SAN from req/X509, passed by full pathname From 3301c09f5c47c63c2566e80ebfe0a699ba125818 Mon Sep 17 00:00:00 2001 
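Review bot: In the `server`/`serverClient` block, the new branch writes whatever `display_san req "$req_in"` returns into the extensions file as `subjectAltName = $san`, so the names on the issued certificate are now chosen by whoever produced the request, not by the CA operator. The only remaining control is the operator reading the confirmation text, and that presumably disappears in batch runs (`EASYRSA_BATCH`). I would make the copy opt-in behind an explicit switch, keep `default_server_san "$req_in"` as the default path, and print a notice whenever a request-supplied SAN is honoured. Separately, the `[ $? -ne 0 ]` test reads better as `if ! echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName; then`. The enclosing function starts and ends outside the hunk.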
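Review bot: `display_san` returns the SAN from `EASYRSA_EXTRA_EXTS` whenever that variable mentions `subjectAltName`, without consulting `format` or `path`, so `display_dn` on an existing X509 certificate would print the environment's SAN instead of the one in the certificate. Since this is the text an operator reads before confirming, I would limit the shortcut to requests: `if [ "$format" = req ] && echo "$EASYRSA_EXTRA_EXTS" | grep -q subjectAltName; then`. In the same branch, `\s` in the sed expression is a GNU extension; `[[:space:]]` is the portable spelling. The function also ends on `[ -n "$san" ] && print "$san"`, so it returns non-zero when there is no SAN; an explicit `return 0` after the `fi` would stop a status-checking caller from reading that as a failure.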
From: David Rios Date: Thu, 19 Sep 2019 16:23:07 -0300 Subject: [PATCH 2/2] Fix correct name for IP option of subjectAltName --- easyrsa3/easyrsa | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 4bebaf1..25a5644 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -1409,7 +1409,7 @@ display_san() { else san=$( "$EASYRSA_OPENSSL" "$format" -in "$path" -noout -text | - sed -n "/X509v3 Subject Alternative Name:/{n;s/ //g;p;}" + sed -n "/X509v3 Subject Alternative Name:/{n;s/ //g;s/IPAddress:/IP:/g;p;}" ) [ -n "$san" ] && print "$san"
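Review bot: The sed expression still translates only one label, so any request SAN whose printed label differs from the config keyword is passed into `subjectAltName =` unchanged; openssl prints `Registered ID:` and `othername:<unsupported>`, for example. The config parser will then either reject that text or may read it differently from what the request contained. `s/ //g` also deletes spaces inside values, not only the ones after the commas. Because this string is re-parsed as extension config and then signed, I would check each comma-separated entry against the types the script knows how to map (`DNS:`, `IP:`, `email:`, `URI:`) and stop with an error on anything else. `display_san` begins above this hunk.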