-rwxr-xr-x | sign-request.in | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/sign-request.in b/sign-request.in
index e36ad7d..1150fbd 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -39,15 +39,9 @@ while read -r csr; do
 d
 ' \
 | tr -d ' ' \
- | tr ',' '/'
+ | tr ',' '/' \
+ | sed 's@^.*/CN=@@'
 )
- if [ -n "${cn%${ca_subject_prefix#/}/CN=*}" ]; then
- >&2 printf 'wrong subject: "%s" vs. "%s"\n' \
- "${cn}" \
- "${ca_subject_prefix#/}/CN=*"
- continue
- fi
- cn="${cn#${ca_subject_prefix#/}/CN=}"
 sans=$(
 printf '%s\n' "${content}" \
 | sed -n '
@@ -93,11 +87,15 @@ while read -r csr; do
 rm "${csr_local}"
 continue
 fi
- CA=signing-ca openssl ca -batch -name signing_ca \
+ if ! CA=signing-ca openssl ca -batch -name signing_ca \
 -config '#ETCDIR#/simple-pki/ca-ssl.conf' \
 -in "${csr_local}" \
 -out "${csr_local%.csr}.crt" \
- -extensions server_ext
+ -extensions server_ext; then
+ >&2 echo 'signing failed - skipping'
+ rm -f "${csr_local}" "${csr_local%.csr}.crt"
+ continue
+ fi
 cat "${csr_local%.csr}.crt" '#ETCDIR#/simple-pki/ca/signing-ca.crt' '#ETCDIR#/simple-pki/ca/root-ca.crt' \
 > "${csr_local%.csr}.chain"
 rm "${csr_local}"
|
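Review bot: After the added `sed 's@^.*/CN=@@'` step, `cn` is no longer validated, because the `ca_subject_prefix` comparison that used to `continue` on a mismatching subject is removed. A subject with no `/CN=` component (including one that is only `CN=name`, since the string appears to carry no leading slash) now passes through the substitution unchanged instead of being rejected. Unless the policy section of `ca-ssl.conf`, which is not visible here, enforces the DN, nothing in this hunk restricts which subjects reach `openssl ca -batch`. I would keep a guard right after the pipeline, for example `case "${cn}" in ''|*[/=]*) >&2 printf 'unusable subject CN: "%s"\n' "${cn}"; continue ;; esac`, and add a comment saying where the subject prefix is enforced now. The `while read -r csr` loop begins and ends outside the hunk.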
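Review bot: The new failure branch logs `'signing failed - skipping'` without naming the request, so a rejected CSR cannot be matched to its log line when several are processed in one run. For a CA that signs in `-batch` mode the refusals are worth being able to audit; I would write `>&2 printf 'signing failed - skipping: %s\n' "${csr}"` instead, which also matches the `printf` style used elsewhere in the script. The `cat ... > "${csr_local%.csr}.chain"` that follows is still unchecked, so a failed concatenation would leave a partial chain file behind. The loop body continues outside the hunk.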