ref: refs/heads/backgroud_patches_bnc550934
commit f5ded2d09b0ff8982c80364c727d332f27922df3
Author: J. Daniel Schmidt
Date: Tue Nov 24 16:10:40 2009 +0100
set organization and unit name in SSL certificate (bnc#557761), version 0.0.21
---
webclient/package/check-create-certificate.pl | 55 ++++++++++++++----------
webclient/package/yast2-webclient.changes | 6 +++
webclient/package/yastwc | 2 +-
3 files changed, 39 insertions(+), 24 deletions(-)
diff --git a/webclient/package/check-create-certificate.pl b/webclient/package/check-create-certificate.pl
index 8fb27a2..424f163 100755
--- a/webclient/package/check-create-certificate.pl
+++ b/webclient/package/check-create-certificate.pl
@@ -30,25 +30,33 @@ sub usage
print STDERR " if omitted exitance of certificate files will only be checked\n";
print STDERR " -f [--force] force to overwrite certificate\n";
print STDERR " -h [--help] this help\n";
- print STDERR " -H [--hostname] <name> define hostname to use for certificate\n";
- print STDERR " if omitted defaults to 'hostname --fqdn'\n";
- print STDERR " -C [--certfile] <file> define certificate file\n";
+ print STDERR " -H [--hostname] <name> defines hostname to use as CN for certificate\n";
+ print STDERR " if omitted it will use the FQDN hostname or just the hostname or the default CN\n";
+ print STDERR " -D [--defaultcn] <name> defines the default CN that is used if no FQDN can be found\n";
+ print STDERR " hostnames like 'localhost' and 'linux' will be overwritten by this as well\n";
+ print STDERR " -C [--certfile] <file> defines certificate file\n";
print STDERR " if omitted defaults to /etc/ssl/certs/self-signed-certificate.pem\n";
- print STDERR " -K [--keyfile] <file> define key file\n";
+ print STDERR " -K [--keyfile] <file> defines key file\n";
print STDERR " if omitted defaults to /etc/ssl/private/self-signed-certificate.key\n";
- print STDERR " -B [--combinedfile] <file> define combination file of key and certificate\n";
+ print STDERR " -B [--combinedfile] <file> defines combination file of key and certificate\n";
print STDERR " will not be created or checked if omitted\n";
+ print STDERR " -O [--organization] <org> sets the organization name in the certificate\n";
+ print STDERR " -U [--unit] <unit> sets the organizational unit name in the certificate\n";
print STDERR "\n";
}
-sub create_certificate($$$$)
+sub create_certificate($$$$$$)
{
my $fqdn = shift || return undef;
+ my $org = shift || '';
+ my $orgunit = shift || '';
my $CERTFILE = shift || return undef;
my $KEYFILE = shift || return undef;
my $COMBINEDFILE = shift || undef;
chomp $fqdn;
+ chomp $org;
+ chomp $orgunit;
chomp $CERTFILE;
chomp $KEYFILE;
chomp $COMBINEDFILE if defined $COMBINEDFILE;
@@ -63,6 +71,8 @@ prompt=no
commonName = $fqdn
emailAddress = root\@$fqdn
";
+ $config .="organizationName = $org\n" if ( $org ne '' );
+ $config .="organizationalUnitName = $orgunit\n" if ( $orgunit ne '' );
my $CNF = `mktemp /tmp/create-ssl-config-XXXXX`;
my $CERT = `mktemp /tmp/create-ssl-cert-XXXXX`;
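Review bot: The two added `$config .=` lines write `$org` and `$orgunit` into the OpenSSL request config without checking their content. The `chomp` calls added in the first hunk strip only a trailing newline, so a value with an embedded line break would add further config lines instead of a single DN field. Rejecting such values before the config string is built keeps `-O` and `-U` confined to one field each, for example `return undef if "$org$orgunit" =~ /[\r\n]/;` placed after the chomp calls. The pre-existing `$fqdn` interpolation just above has the same property and could share the check. The heredoc start and the end of create_certificate are outside this hunk, so the exact placement needs confirming against the full function.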
@@ -132,10 +142,13 @@ emailAddress = root\@$fqdn
################################# MAIN ########################################
-my ($create, $force, $hostname, $certfile, $keyfile, $combinedfile, $help);
+my ($create, $force, $hostname, $certfile, $keyfile, $combinedfile, $help, $organization, $unit, $defaultcn);
my $result = GetOptions ("create|c" => \$create,
"force|f" => \$force,
"hostname|H=s" => \$hostname,
+ "defaultcn|D=s" => \$defaultcn,
+ "organization|O=s" => \$organization,
+ "unit|U=s" => \$unit,
"certfile|C=s" => \$certfile,
"keyfile|K=s" => \$keyfile,
"combinedfile|B=s" => \$combinedfile,
@@ -176,25 +189,21 @@ if (defined $create)
}
}
- $hostname = `hostname --fqdn` unless defined $hostname;
- chomp $hostname if defined $hostname;
- if ( (not defined $hostname) || $hostname =~ /^$/)
+ my @HOSTNAMES = ('localhost');
+ push @HOSTNAMES, $defaultcn;
+ push @HOSTNAMES, `hostname`;
+ push @HOSTNAMES, `hostname --fqdn`;
+ push @HOSTNAMES, $hostname;
+
+ foreach my $H (@HOSTNAMES)
{
- # do not abort, just create a certificate (bnc#557752)
- #print STDERR "Hostname missing or invalid. Aborting.\n";
- #exit 1;
-
- print STDERR "No fully qualified domain name can be found. Please fix your DNS setup.\n";
- print STDERR "Using only the hostname for SSL certificate.\n";
- $hostname = `hostname`;
- chomp $hostname if defined $hostname;
- if ( (not defined $hostname) || $hostname =~ /^$/)
- {
- $hostname = 'localhost';
- }
+ next unless (defined $H);
+ chomp $H;
+ $hostname = $H unless ( $H !~ /^$/ && $H !~ /^linux$/i && $H !~ /^localhost$/i );
}
+ $hostname = 'localhost' unless ( defined $hostname && $hostname !~ /^$/ );
- if ( create_certificate( $hostname, $certfile, $keyfile, $combinedfile ) )
+ if ( create_certificate( $hostname, $organization, $unit, $certfile, $keyfile, $combinedfile ) )
{
print "Successfully created certificate.\n";
exit 0;
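Review bot: The selection condition in the new `foreach my $H (@HOSTNAMES)` loop is inverted. `$hostname = $H unless ( $H !~ /^$/ && $H !~ /^linux$/i && $H !~ /^localhost$/i );` assigns only when `$H` is empty, `linux` or `localhost`, so every usable candidate is skipped. Because the list starts with `'localhost'`, a value given with `-H` is overwritten by it and the certificate appears to be issued with CN `localhost` in every case. That defeats the purpose of the `-D` default and of the FQDN lookup. Using `if` with the same condition gives the intended priority order, later entries winning: `$hostname = $H if ( $H !~ /^$/ && $H !~ /^linux$/i && $H !~ /^localhost$/i );`. The enclosing `if (defined $create)` block starts and ends outside this hunk.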
diff --git a/webclient/package/yast2-webclient.changes b/webclient/package/yast2-webclient.changes
index 5dbf1cb..0f9db2e 100644
--- a/webclient/package/yast2-webclient.changes
+++ b/webclient/package/yast2-webclient.changes
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Tue Nov 24 16:03:39 CET 2009 - jdsn@suse.de
+
+- set organization and unit name in SSL certificate (bnc#557761)
+- 0.0.21
+
+-------------------------------------------------------------------
Mon Nov 23 18:15:24 CET 2009 - jdsn@suse.de
- create an SSL certificate with the best hostname (bnc#557752)
diff --git a/webclient/package/yastwc b/webclient/package/yastwc
index f25a61a..a1ecf25 100755
--- a/webclient/package/yastwc
+++ b/webclient/package/yastwc
@@ -179,7 +179,7 @@ case "$1" in
if [ ! -e $COMBINEDCERTFILE ]
then
echo "No certificate found. Creating one now."
- if ! /usr/sbin/check-create-certificate.pl -c -C $CERTIFICATEFILE -K $CERTKEYFILE -B $COMBINEDCERTFILE >/srv/www/yast/log/check-create-certificate.log 2>&1
+ if ! /usr/sbin/check-create-certificate.pl -c -C $CERTIFICATEFILE -K $CERTKEYFILE -B $COMBINEDCERTFILE -D webyast -O WebYaST -U WebYaST >/srv/www/yast/log/check-create-certificate.log 2>&1
then
echo -n "Can not create certificate. Please see /srv/www/yast/log/check-create-certificate.log for details."
rc_failed
--