generate certificate script fails on windows with mingw bash #143
Description
A few issues that seem to come down to limitation of the bash implementation.
Subject var slashes.
The SUBJECT declaration contains /'s and is passed as an argument so mingw thinks it's a unix path, and tries to be helpful and convert it back to a windows path. To tell it not to, we have to prepend it with // and swap the other /'s for \'s.
# avoid mingw deciding the subject string is a path to translate!
unameOut="$(uname -s)"
case "${unameOut}" in
MINGW*) SUBJECT="//CN=gameontext.org\OU=GameOn Development CA\O=The Ficticious GameOn CA Company\L=Earth\ST=Happy\C=CA";;
*) SUBJECT="/CN=gameontext.org/OU=GameOn Development CA/O=The Ficticious GameOn CA Company/L=Earth/ST=Happy/C=CA"
esac
OpenSSL IP.1/DNS.1 in ext
The OpenSSL version I have (OpenSSL 1.0.2p Aug 2018) refuses to accept a DNS name as an argument to IP.1 in the v3.ext creation. We may need to add logic to detect if ${hostName} is an IP or a DNS name, and only set the appropriate entry.
I just commented out the IP.1 set in my script, as a quick way to solve it locally.
Config as filename rather than string.
For some reason my OpenSSL also wasn't happy about the config being passed via cat as a string, but it was fine with me passing the filename.
# Create Server Key, with CSR
# (paths are quoted so a targetDir containing spaces still works)
openssl req -new -sha256 -nodes \
-out "${targetDir}/.gameontext.openssl/server.csr" -newkey rsa:4096 \
-keyout "${targetDir}/.gameontext.onlykey.pem" -config "${targetDir}/.gameontext.openssl/rootCSR.cnf"
Subshells & fdopen
Use of subshells to generate stuffs. I was seeing errors about fdopen not being able to read things.
I'm way less sure of these, because the errors could have just come from the fallout from subject not being set. But I converted the way the CSR/EXT files were made from using cat & EOT into echo concats instead.
# Create CSR config
# (values are quoted so [req] and [dn] are not treated as glob patterns,
# and paths are quoted so a targetDir containing spaces still works)
echo "[req]" > "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "default_bits = 4096" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "prompt = no" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "default_md = sha256" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "distinguished_name = dn" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "[dn]" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "C=CA" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "ST=Happy" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "L=Earth" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "O=The Ficticious GameOn Company" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "OU=GameOn Application" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "CN = ${hostName}" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
echo "" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
# Create v3 extension file
echo "authorityKeyIdentifier=keyid,issuer" > "${targetDir}/.gameontext.openssl/v3.ext"
echo "basicConstraints=CA:FALSE" >> "${targetDir}/.gameontext.openssl/v3.ext"
echo "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment" >> "${targetDir}/.gameontext.openssl/v3.ext"
echo "subjectAltName = @alt_names" >> "${targetDir}/.gameontext.openssl/v3.ext"
echo "" >> "${targetDir}/.gameontext.openssl/v3.ext"
echo "[alt_names]" >> "${targetDir}/.gameontext.openssl/v3.ext"
echo "DNS.1 = ${hostName}" >> "${targetDir}/.gameontext.openssl/v3.ext"
echo "" >> "${targetDir}/.gameontext.openssl/v3.ext"
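The IP.1/DNS.1 detection suggested in the "OpenSSL IP.1/DNS.1 in ext" section could look like the sketch below. It is an added example, not code from the issue or the project; the function names `is_ipv4`, `is_ipv6`, `alt_name_entry` and `write_v3_ext` are hypothetical, and it avoids heredocs and subshells in line with the workaround above.

```bash
#!/usr/bin/env bash
# Added example; helper names are hypothetical, not from the project's script.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, non-digit, or empty octet
  esac
  _rest=$1. _count=0
  while [ -n "$_rest" ]; do
    _octet=${_rest%%.*}; _rest=${_rest#*.}
    _count=$((_count + 1))
    [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
  done
  [ "$_count" -eq 4 ]
}

# Loose IPv6 test: a hostname never contains ':', so hex digits plus a colon
# is enough to choose the entry type; OpenSSL validates the address itself.
is_ipv6() {
  case $1 in
    *[!0-9A-Fa-f:.]*) return 1 ;;
    *:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the single [alt_names] entry that matches the kind of host given.
alt_name_entry() {
  if is_ipv4 "$1" || is_ipv6 "$1"; then
    printf 'IP.1 = %s\n' "$1"
  else
    printf 'DNS.1 = %s\n' "$1"
  fi
}

# Write v3.ext with the same settings as the issue's echo lines.
write_v3_ext() {   # usage: write_v3_ext <hostName> <output file>
  {
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
      'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
      'subjectAltName = @alt_names' '' '[alt_names]'
    alt_name_entry "$1"
  } > "$2"
}

# Constructed sample hosts, one of each kind.
for host in gameontext.org 127.0.0.1 ::1; do alt_name_entry "$host"; done
```

A value that looks numeric but is not a valid address, such as 256.1.1.1, falls through to DNS.1 rather than being handed to OpenSSL as an IP.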