Skip to content

Commit

Permalink
Introduce global option --san-crit, mark SAN critical (RFC2459)
Browse files Browse the repository at this point in the history 
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
  • Loading branch information
@TinCanTech
TinCanTech committed Jun 29, 2024
1 parent 5e62047 commit dd69f50
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions easyrsa3/easyrsa
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2604,7 +2604,7 @@ $confirm_dn"
if [ "$EASYRSA_SAN" ]; then
confirm_san="\
X509v3 Subject Alternative Name:
$EASYRSA_SAN"
${EASYRSA_SAN_CRIT}${EASYRSA_SAN}"
else
confirm_san="$req_x509_san"
fi
Expand Down Expand Up @@ -5463,6 +5463,10 @@ while :; do
--usefn)
export EASYRSA_P12_FR_NAME="$val"
;;
--san-crit*)
empty_ok=1
export EASYRSA_SAN_CRIT='critical,'
;;
--tools)
export EASYRSA_TOOLS_LIB="$val"
;;
Expand Down Expand Up @@ -5507,7 +5511,8 @@ done
if [ "$EASYRSA_SAN" ]; then
EASYRSA_EXTRA_EXTS="\
$EASYRSA_EXTRA_EXTS
subjectAltName = $EASYRSA_SAN"
subjectAltName = ${EASYRSA_SAN_CRIT}${EASYRSA_SAN}"
[ "${EASYRSA_SAN_CRIT}" ] && verbose "SAN critical OK"
fi

# Set cmd now
Expand Down

0 comments on commit dd69f50

Please sign in to comment.