From f15fd526cdeac6a7c92cfd9fb2dec5063de382dc Mon Sep 17 00:00:00 2001
From: Andrey Arapov
Date: Tue, 10 Jul 2018 00:22:30 +0200
Subject: [PATCH] add --nosan argument
---
gencert.sh | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/gencert.sh b/gencert.sh
index c8168ce..74178ee 100755
--- a/gencert.sh
+++ b/gencert.sh
@@ -17,7 +17,8 @@ print_help() { --days - server cert expiration in days\t(default: 365) --cakey - CA key name\t\t\t(default: ca.key) --ca - CA cert name\t\t\t(default: ca.crt) - --cadays - CA cert expiration in days\t(default: 3650)\n" + --cadays - CA cert expiration in days\t(default: 3650)\n + --nosan - do not write SAN records\n" } # Parse command line arguments
@@ -28,7 +29,7 @@ OPTIND=1 # Reset in case getopts has been used previously in the shell. # read arguments opts=$(getopt \ - --longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:," \ + --longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan," \ --name "$(basename "$0")" \ --options "" \ -- "$@"
@@ -78,6 +79,11 @@ while [ $# -gt 0 ]; do shift 2 ;; + --nosan) + ARG_NOSAN=1 + shift 2 + ;; + *) break ;;
@@ -98,6 +104,7 @@ fi # echo ARG_CAKEY=$ARG_CAKEY # echo ARG_CA=$ARG_CA # echo ARG_CADAYS=$ARG_CADAYS +# echo ARG_NOSAN=$ARG_NOSAN # prepare common variables ##
@@ -167,12 +174,15 @@ extendedKeyUsage = serverAuth subjectAltName = @alt_names [ alt_names ]" - # Gather IPs for SAN - - i=1 - IPS="$(getent ahostsv4 $(hostname) | awk '{print $1}' |sort | uniq)" - echo "[${ME}] Found these IPs: " ${IPS} - PAYLOAD="$(for IP in $IPS; do echo "IP.${i} = ${IP}" ; i=$((i + 1)); done)" + + if [ $ARG_NOSAN -ne 1 ]; then + # Gather IPs for SAN + + i=1 + IPS="$(getent ahostsv4 $(hostname) | awk '{print $1}' |sort | uniq)" + echo "[${ME}] Found these IPs: " ${IPS} + PAYLOAD="$(for IP in $IPS; do echo "IP.${i} = ${IP}" ; i=$((i + 1)); done)" + fi printf "${OPENSSL_CONFIG_CONTENT}\n${PAYLOAD}\n" > "${OPENSSL_CONFIG}" }
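Review bot: In the print_help hunk (-17,7 +17,8) the `--nosan` entry does not say what the operator gives up by using it. A certificate without subjectAltName is rejected by TLS clients that no longer fall back to the CN for name checks, so I would write it as `--nosan - do not write SAN records (clients that ignore CN will reject the cert)`. The `\n` kept at the end of the `--cadays` line now sits in front of a real line break, so, assuming the string is fed to printf, the help prints an empty line before `--nosan`; drop that `\n`. print_help starts above the hunk.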
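Review bot: The new `--nosan)` arm (hunk -78,6 +79,11) ends with `shift 2`, but `nosan` is declared without a trailing colon in `--longoptions`, so it takes no value and the second shift discards the option that follows it. With `--nosan --days 30`, `--days` is dropped, `30` falls into `*) break`, and the certificate is silently issued with the default lifetime. The same applies to `--cakey`/`--ca`, where the cert would be signed with the default `ca.key`/`ca.crt` instead of the CA the operator named. Use `shift` in this arm. The `while`/`case` begins above the hunk and continues below it.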
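Review bot: `if [ $ARG_NOSAN -ne 1 ]; then` (hunk -167,12 +174,15) expands an unquoted variable that this commit never initialises. Unless it is set outside the diff, a run without `--nosan` evaluates `[ -ne 1 ]`, which is a test error with a non-zero status, so the branch is skipped and the default run writes no SAN entries, the opposite of the intent. Write `if [ "${ARG_NOSAN:-0}" -ne 1 ]; then`, or set `ARG_NOSAN=0` alongside the other defaults. Separately, `subjectAltName = @alt_names` and the `[ alt_names ]` header are still emitted when `--nosan` is given, leaving the extension pointing at an empty section. Those two lines probably need the same guard, and it is worth checking how openssl handles the empty section. The enclosing function starts above the hunk.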