author | Erich Eckner <git@eckner.net> | 2019-09-02 14:06:02 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-09-02 14:06:02 +0200 |
commit | bfd7187790aed363ac81f6c9fca597fa0b52be9a (patch) | |
tree | 921d611ae27b9bb841c2f1c621faebf0508f6010 | |
parent | 496c4eb9b5312d42c1d90ec853f22ec062bb036e (diff) | |
download | simple-pki-bfd7187790aed363ac81f6c9fca597fa0b52be9a.tar.xz |
sign-request.in: skip checking of subject - openssl does that
-rwxr-xr-x | sign-request.in | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/sign-request.in b/sign-request.in
index e36ad7d..1150fbd 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -39,15 +39,9 @@ while read -r csr; do
 d
 ' \
 | tr -d ' ' \
- | tr ',' '/'
+ | tr ',' '/' \
+ | sed 's@^.*/CN=@@'
 )
- if [ -n "${cn%${ca_subject_prefix#/}/CN=*}" ]; then
- >&2 printf 'wrong subject: "%s" vs. "%s"\n' \
- "${cn}" \
- "${ca_subject_prefix#/}/CN=*"
- continue
- fi
- cn="${cn#${ca_subject_prefix#/}/CN=}"
 sans=$(
 printf '%s\n' "${content}" \
 | sed -n '
@@ -93,11 +87,15 @@ while read -r csr; do
 rm "${csr_local}"
 continue
 fi
- CA=signing-ca openssl ca -batch -name signing_ca \
+ if ! CA=signing-ca openssl ca -batch -name signing_ca \
 -config '#ETCDIR#/simple-pki/ca-ssl.conf' \
 -in "${csr_local}" \
 -out "${csr_local%.csr}.crt" \
- -extensions server_ext
+ -extensions server_ext; then
+ >&2 echo 'signing failed - skipping'
+ rm -f "${csr_local}" "${csr_local%.csr}.crt"
+ continue
+ fi
 cat "${csr_local%.csr}.crt" '#ETCDIR#/simple-pki/ca/signing-ca.crt' '#ETCDIR#/simple-pki/ca/root-ca.crt' \
 > "${csr_local%.csr}.chain"
 rm "${csr_local}" |
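Review bot: The new `sed 's@^.*/CN=@@'` stage in the first hunk never rejects anything, so with the prefix comparison removed a subject without a `/CN=` component leaves `cn` holding the whole subject string. Because the match is greedy, a subject with several `/CN=` parts (or a comma inside a value, which the preceding `tr ',' '/'` turns into a separator) yields only the text after the last one. The subject check now rests entirely on the `policy` that ca-ssl.conf assigns to `signing_ca`, which this diff does not show, so it is worth confirming that it uses `match` for the prefix fields and naming that dependency in a comment above the pipeline. How `cn` is used lies outside the hunk; a cheap guard is to print only on a match, `| sed -n 's@^.*/CN=@@p'`, followed after the `)` by `[ -n "${cn}" ] || { >&2 printf 'no CN in subject\n'; continue; }`.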
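Review bot: The failure branch added in the second hunk prints `signing failed - skipping` without naming the request that was refused. As the commit title hands the subject check to openssl, this is the only trace of a rejected CSR, so it should identify it and follow the printf style used elsewhere in the file: `>&2 printf 'signing failed - skipping "%s"\n' "${csr}"`. The cleanup would also be safer with an end-of-options marker, `rm -f -- "${csr_local}" "${csr_local%.csr}.crt"`, since where `csr_local` is built is outside the hunk. The enclosing `while read -r csr` loop starts and ends outside the hunk.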