Puppet: System Administration Automated

Support

Ticket #896: sslcertificates.patch

File sslcertificates.patch, 1.4 kB (added by whaymand_home, 1 year ago)

  • sslcertificates.rb

    old new  
    99end 
    1010 
    1111module Puppet::SSLCertificates 
    12     #def self.mkcert(type, name, ttl, issuercert, issuername, serial, publickey) 
     12    #def self.mkcert(type, name, dnsnames, ttl, issuercert, issuername, serial, publickey) 
    1313    def self.mkcert(hash) 
    1414        [:type, :name, :ttl, :issuer, :serial, :publickey].each { |param| 
    1515            unless hash.include?(param) 
     
    3939        basic_constraint = nil 
    4040        key_usage = nil 
    4141        ext_key_usage = nil 
     42        subject_alt_name = [] 
    4243 
    4344        ef = OpenSSL::X509::ExtensionFactory.new 
    4445 
     
    6061            key_usage = %w{cRLSign keyCertSign} 
    6162        when :server: 
    6263            basic_constraint = "CA:FALSE" 
     64            hash[:dnsnames].each(':') { |d| 
     65                subject_alt_name << 'DNS:' + d 
     66            } if hash[:dnsnames] 
    6367            key_usage = %w{digitalSignature keyEncipherment} 
    6468        ext_key_usage = %w{serverAuth clientAuth} 
    6569        when :ocsp: 
     
    8690        if ext_key_usage 
    8791          ex << ef.create_extension("extendedKeyUsage", ext_key_usage.join(",")) 
    8892        end 
     93        if ! subject_alt_name.empty? 
     94          ex << ef.create_extension("subjectAltName", subject_alt_name.join(",")) 
     95        end 
    8996 
    9097        #if @ca_config[:cdp_location] then 
    9198        #  ex << ef.create_extension("crlDistributionPoints",