[yast-commit] <web-client> backgroud_patches_bnc550934 : set organization and unit name in SSL certificate (bnc#557761), version 0.0.21

24 Nov 2009

ref: refs/heads/backgroud_patches_bnc550934
commit f5ded2d09b0ff8982c80364c727d332f27922df3
Author: J. Daniel Schmidt 
Date:   Tue Nov 24 16:10:40 2009 +0100

    set organization and unit name in SSL certificate (bnc#557761), version 0.0.21
---
 webclient/package/check-create-certificate.pl |   55 ++++++++++++++----------
 webclient/package/yast2-webclient.changes     |    6 +++
 webclient/package/yastwc                      |    2 +-
 3 files changed, 39 insertions(+), 24 deletions(-)

diff --git a/webclient/package/check-create-certificate.pl b/webclient/package/check-create-certificate.pl
index 8fb27a2..424f163 100755
--- a/webclient/package/check-create-certificate.pl
+++ b/webclient/package/check-create-certificate.pl
@@ -30,25 +30,33 @@ sub usage
     print STDERR "                              if omitted exitance of certificate files will only be checked\n";
     print STDERR "  -f [--force]                force to overwrite certificate\n";
     print STDERR "  -h [--help]                 this help\n";
-    print STDERR "  -H [--hostname]     <name>  define hostname to use for certificate\n";
-    print STDERR "                              if omitted defaults to 'hostname --fqdn'\n";
-    print STDERR "  -C [--certfile]     <file>  define certificate file\n";
+    print STDERR "  -H [--hostname]     <name>  defines hostname to use as CN for certificate\n";
+    print STDERR "                              if omitted it will use the FQDN hostname or just the hostname or the default CN\n";
+    print STDERR "  -D [--defaultcn]    <name>  defines the default CN that is used if no FQDN can be found\n";
+    print STDERR "                              hostnames like 'localhost' and 'linux' will be overwritten by this as well\n";
+    print STDERR "  -C [--certfile]     <file>  defines certificate file\n";
     print STDERR "                              if omitted defaults to /etc/ssl/certs/self-signed-certificate.pem\n";
-    print STDERR "  -K [--keyfile]      <file>  define key file\n";
+    print STDERR "  -K [--keyfile]      <file>  defines key file\n";
     print STDERR "                              if omitted defaults to /etc/ssl/private/self-signed-certificate.key\n";
-    print STDERR "  -B [--combinedfile] <file>  define combination file of key and certificate\n";
+    print STDERR "  -B [--combinedfile] <file>  defines combination file of key and certificate\n";
     print STDERR "                              will not be created or checked if omitted\n";
+    print STDERR "  -O [--organization] <org>   sets the organization name in the certificate\n";
+    print STDERR "  -U [--unit]         <unit>  sets the organizational unit name in the certificate\n";
     print STDERR "\n";
 }
 
 
-sub create_certificate($$$$)
+sub create_certificate($$$$$$)
 {
     my $fqdn         = shift || return undef;
+    my $org          = shift || '';
+    my $orgunit      = shift || '';
     my $CERTFILE     = shift || return undef;
     my $KEYFILE      = shift || return undef;
     my $COMBINEDFILE = shift || undef;
     chomp $fqdn;
+    chomp $org;
+    chomp $orgunit;
     chomp $CERTFILE;
     chomp $KEYFILE;
     chomp $COMBINEDFILE if defined $COMBINEDFILE;
@@ -63,6 +71,8 @@ prompt=no
 commonName = $fqdn
 emailAddress = root\@$fqdn
 ";
+    $config .="organizationName        = $org\n" if ( $org ne '' );
+    $config .="organizationalUnitName  = $orgunit\n" if ( $orgunit ne '' );
 
     my $CNF  = `mktemp /tmp/create-ssl-config-XXXXX`;
     my $CERT = `mktemp /tmp/create-ssl-cert-XXXXX`;
@@ -132,10 +142,13 @@ emailAddress = root\@$fqdn
 
 ################################# MAIN ########################################
 
-my ($create, $force, $hostname, $certfile, $keyfile, $combinedfile, $help);
+my ($create, $force, $hostname, $certfile, $keyfile, $combinedfile, $help, $organization, $unit, $defaultcn);
 my $result = GetOptions ("create|c"         => \$create,
                          "force|f"          => \$force,
                          "hostname|H=s"     => \$hostname,
+                         "defaultcn|D=s"    => \$defaultcn,
+                         "organization|O=s" => \$organization,
+                         "unit|U=s"         => \$unit,
                          "certfile|C=s"     => \$certfile,
                          "keyfile|K=s"      => \$keyfile,
                          "combinedfile|B=s" => \$combinedfile,
@@ -176,25 +189,21 @@ if (defined $create)
         }
     }
 
-    $hostname = `hostname --fqdn` unless defined $hostname;
-    chomp $hostname if defined $hostname;
-    if ( (not defined $hostname) || $hostname =~ /^$/)
+    my @HOSTNAMES = ('localhost');
+    push @HOSTNAMES, $defaultcn;
+    push @HOSTNAMES, `hostname`;
+    push @HOSTNAMES, `hostname --fqdn`;
+    push @HOSTNAMES, $hostname;
+
+    foreach my $H (@HOSTNAMES)
     {
-        # do not abort, just create a certificate (bnc#557752)
-        #print STDERR "Hostname missing or invalid. Aborting.\n";
-        #exit 1;
-
-        print STDERR "No fully qualified domain name can be found. Please fix your DNS setup.\n";
-        print STDERR "Using only the hostname for SSL certificate.\n";
-        $hostname = `hostname`;
-        chomp $hostname if defined $hostname;
-        if ( (not defined $hostname) || $hostname =~ /^$/)
-        {
-            $hostname = 'localhost';
-        }
+        next unless (defined $H);
+        chomp $H;
+        $hostname = $H unless ( $H !~ /^$/ && $H !~ /^linux$/i  && $H !~ /^localhost$/i );
     }
+    $hostname = 'localhost' unless ( defined $hostname && $hostname !~ /^$/ );
 
-    if ( create_certificate( $hostname, $certfile, $keyfile, $combinedfile ) )
+    if ( create_certificate( $hostname, $organization, $unit, $certfile, $keyfile, $combinedfile ) )
     {
         print "Successfully created certificate.\n";
         exit 0;
diff --git a/webclient/package/yast2-webclient.changes b/webclient/package/yast2-webclient.changes
index 5dbf1cb..0f9db2e 100644
--- a/webclient/package/yast2-webclient.changes
+++ b/webclient/package/yast2-webclient.changes
@@ -1,4 +1,10 @@
 -------------------------------------------------------------------
+Tue Nov 24 16:03:39 CET 2009 - jdsn@suse.de
+
+- set organization and unit name in SSL certificate (bnc#557761) 
+- 0.0.21
+
+-------------------------------------------------------------------
 Mon Nov 23 18:15:24 CET 2009 - jdsn@suse.de
 
 - create an SSL certificate with the best hostname (bnc#557752)
diff --git a/webclient/package/yastwc b/webclient/package/yastwc
index f25a61a..a1ecf25 100755
--- a/webclient/package/yastwc
+++ b/webclient/package/yastwc
@@ -179,7 +179,7 @@ case "$1" in
     if [ ! -e  $COMBINEDCERTFILE ]
     then
         echo "No certificate found. Creating one now."
-        if ! /usr/sbin/check-create-certificate.pl -c -C $CERTIFICATEFILE -K $CERTKEYFILE -B $COMBINEDCERTFILE >/srv/www/yast/log/check-create-certificate.log 2>&1
+        if ! /usr/sbin/check-create-certificate.pl -c -C $CERTIFICATEFILE -K $CERTKEYFILE -B $COMBINEDCERTFILE -D webyast -O WebYaST -U WebYaST >/srv/www/yast/log/check-create-certificate.log 2>&1
         then
             echo -n "Can not create certificate. Please see /srv/www/yast/log/check-create-certificate.log for details."
             rc_failed
-- 
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org

    

[yast-commit] <web-client> backgroud_patches_bnc550934 : set organization and unit name in SSL certificate (bnc#557761), version 0.0.21

J.Daniel Schmidt