sign-req: Always enable SSL option -preserveDN #1271

Closed


TinCanTech
Collaborator

easyrsa:
sign-req: Remove command option 'preserve' and ignore usage error.
sign-req: Always enable SSL option -preserveDN
write_easyrsa_ssl_cnf_tmp(): Add hash for $known_file_322
write_easyrsa_ssl_cnf_tmp(): Add hash for $known_heredoc_322
write_easyrsa_ssl_cnf_tmp(): Add verbose message for unknown hash
create_legacy_stream(), vars: Remove $EASYRSA_PRESERVE_DN
create_legacy_stream(), ssl-cnf: Always enable SSL option -preserveDN

openssl-easyrsa.cnf:
Always enable SSL option -preserveDN

vars.example:
Remove $EASYRSA_PRESERVE_DN

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
@TinCanTech
Collaborator Author

Note:

  • sign-req uses SSL command ca, which supports option -preserveDN.
  • build-ca uses SSL command req, which does not support option -preserveDN.

The SSL config file always configures preserveDN = yes.

TinCanTech removed this from the v3.2.2 milestone Dec 7, 2024
@TinCanTech
Collaborator Author

This PR is incorrect because I used preserveDN = yes, when it should be preserve = yes.

Closing this and will investigate further ...

TinCanTech closed this Dec 7, 2024
Successfully merging this pull request may close these issues.

sign-req command option preserve should be default behavior