Skip to content

sign-req: Always enable SSL option -preserveDN #1271

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
TinCanTech wants to merge 2 commits into from
Closed

sign-req: Always enable SSL option -preserveDN #1271

TinCanTech wants to merge 2 commits into from

Conversation

@TinCanTech
Copy link
Collaborator

@TinCanTech TinCanTech commented Dec 7, 2024

easyrsa:
sign-req: Remove command option 'preserve' and ignore usage error. sign-req: Always enable SSL option -preserveDN
write_easyrsa_ssl_cnf_tmp(): Add hash for $known_file_322 write_easyrsa_ssl_cnf_tmp(): Add hash for $known_heredoc_322 write_easyrsa_ssl_cnf_tmp(): Add verbose message for unknown hash create_legacy_stream(), vars: Remove $EASYRSA_PRESERVE_DN create_legacy_stream(), ssl-cnf: Always enable SSL option -preserveDN

openssl-easyrsa.cnf:
Always enable SSL option -preserveDN

vars.example:
Remove $EASYRSA_PRESERVE_DN

@TinCanTech
sign-req: Always enable SSL option -preserveDN
d15bb3f 
easyrsa:
sign-req: Remove command option 'preserve' and ignore usage error.
sign-req: Always enable SSL option -preserveDN
write_easyrsa_ssl_cnf_tmp(): Add hash for $known_file_322
write_easyrsa_ssl_cnf_tmp(): Add hash for $known_heredoc_322
write_easyrsa_ssl_cnf_tmp(): Add verbose message for unknown hash
create_legacy_stream(), vars: Remove $EASYRSA_PRESERVE_DN
create_legacy_stream(), ssl-cnf: Always enable SSL option -preserveDN

openssl-easyrsa.cnf:
Always enable SSL option -preserveDN

vars.example:
Remove $EASYRSA_PRESERVE_DN

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech self-assigned this Dec 7, 2024
@TinCanTech TinCanTech added this to the v3.2.2 milestone Dec 7, 2024
@TinCanTech TinCanTech linked an issue Dec 7, 2024 that may be closed by this pull request
sign-req command option preserve should be default behavior #1268
Closed
@TinCanTech
Copy link
Collaborator Author

TinCanTech commented Dec 7, 2024

Note:

  • sign-req uses SSL command ca, which supports option -preserveDN.
  • build-ca uses SSL command req, which does not support option -preserveDN.

The SSL config file always configures preserveDN = yes.

@TinCanTech TinCanTech removed this from the v3.2.2 milestone Dec 7, 2024
@TinCanTech
Copy link
Collaborator Author

TinCanTech commented Dec 7, 2024

This PR is incorrect because I used preserveDN = yes, when it should be preserve = yes.

Closing this and will investigate further ...

@TinCanTech TinCanTech closed this Dec 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@TinCanTech TinCanTech

Labels

ChangeLog Item EasyRSA-OpenSSL-Config improvement vars file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

sign-req command option preserve should be default behavior

1 participant

@TinCanTech