Change to pkitool/openssl.cnf so that calling scripts can

set the KEY_NAME environmental variable to set the "name"
X509 subject field in generated certificates.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3460 e7ae566f-a301-0410-adde-c780ea21d3b5

diff --git a/easy-rsa/2.0/openssl.cnf b/easy-rsa/2.0/openssl.cnf
index a781dda230f34204d3901a7c449e2f134cc34787..3e4d3b3482b63710ec0c3702ddba249640a6126a 100755 (executable)
--- a/easy-rsa/2.0/openssl.cnf
+++ b/easy-rsa/2.0/openssl.cnf
@@ -74,6 +74,7 @@ stateOrProvinceName   = match
 organizationName       = match
 organizationalUnitName = optional
 commonName             = supplied
+name                   = optional
 emailAddress           = optional
 
 # For the 'anything' policy
@@ -86,6 +87,7 @@ localityName          = optional
 organizationName       = optional
 organizationalUnitName = optional
 commonName             = supplied
+name                   = optional
 emailAddress           = optional
 
 ####################################################################
@@ -137,6 +139,9 @@ organizationalUnitName              = Organizational Unit Name (eg, section)
 commonName                     = Common Name (eg, your name or your server\'s hostname)
 commonName_max                 = 64
 
+name                           = Name
+name_max                       = 64
+
 emailAddress                   = Email Address
 emailAddress_default           = $ENV::KEY_EMAIL
 emailAddress_max               = 40
@@ -144,6 +149,7 @@ emailAddress_max            = 40
 # JY -- added for batch mode
 organizationalUnitName_default = $ENV::KEY_OU
 commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
 
 # SET-ex3                      = SET extension number 3
 

diff --git a/easy-rsa/2.0/pkitool b/easy-rsa/2.0/pkitool
index 56e485e337da51328beaa189544f46a1e5fd09a3..a18b1aedfe9a0701e4e2a0f1441118f3c8099956 100755 (executable)
--- a/easy-rsa/2.0/pkitool
+++ b/easy-rsa/2.0/pkitool
@@ -27,6 +27,9 @@
 # Calling scripts can set the certificate organizational 
 # unit with the KEY_OU environmental variable. 
 
+# Calling scripts can also set the KEY_NAME environmental
+# variable to set the "name" X509 subject field.
+
 PROGNAME=pkitool
 VERSION=2.0
 DEBUG=0
@@ -237,6 +240,11 @@ if [ -z "$KEY_OU" ]; then
     KEY_OU=""
 fi
 
+# Set X509 Name string to empty string if undefined
+if [ -z "$KEY_NAME" ]; then
+    KEY_NAME=""
+fi
+
 # Set KEY_CN
 if [ $DO_ROOT -eq 1 ]; then
     if [ -z "$KEY_CN" ]; then
@@ -260,7 +268,7 @@ else
     fi
 fi
 
-export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_CN PKCS11_MODULE_PATH PKCS11_PIN
+export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_NAME KEY_CN PKCS11_MODULE_PATH PKCS11_PIN
 
 # Show parameters (debugging)
 if [ $DEBUG -eq 1 ]; then
@@ -277,6 +285,7 @@ if [ $DEBUG -eq 1 ]; then
     echo KEY_EXPIRE $KEY_EXPIRE
     echo CA_EXPIRE $CA_EXPIRE
     echo KEY_OU $KEY_OU
+    echo KEY_NAME $KEY_NAME
     echo DO_P11 $DO_P11
     echo PKCS11_MODULE_PATH $PKCS11_MODULE_PATH
     echo PKCS11_SLOT $PKCS11_SLOT