add --nosan argument

This commit is contained in:
Andy 2018-07-10 00:22:30 +02:00
parent fccf146814
commit f15fd526cd
Signed by: arno
GPG Key ID: 9076D5E6B31AE99C

View File

@ -17,7 +17,8 @@ print_help() {
--days - server cert expiration in days\t(default: 365) --days - server cert expiration in days\t(default: 365)
--cakey - CA key name\t\t\t(default: ca.key) --cakey - CA key name\t\t\t(default: ca.key)
--ca - CA cert name\t\t\t(default: ca.crt) --ca - CA cert name\t\t\t(default: ca.crt)
--cadays - CA cert expiration in days\t(default: 3650)\n" --cadays - CA cert expiration in days\t(default: 3650)\n
--nosan - do not write SAN records\n"
} }
# Parse command line arguments # Parse command line arguments
@ -28,7 +29,7 @@ OPTIND=1 # Reset in case getopts has been used previously in the shell.
# read arguments # read arguments
opts=$(getopt \ opts=$(getopt \
--longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:," \ --longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan," \
--name "$(basename "$0")" \ --name "$(basename "$0")" \
--options "" \ --options "" \
-- "$@" -- "$@"
@ -78,6 +79,11 @@ while [ $# -gt 0 ]; do
shift 2 shift 2
;; ;;
--nosan)
ARG_NOSAN=1
shift 2
;;
*) *)
break break
;; ;;
@ -98,6 +104,7 @@ fi
# echo ARG_CAKEY=$ARG_CAKEY # echo ARG_CAKEY=$ARG_CAKEY
# echo ARG_CA=$ARG_CA # echo ARG_CA=$ARG_CA
# echo ARG_CADAYS=$ARG_CADAYS # echo ARG_CADAYS=$ARG_CADAYS
# echo ARG_NOSAN=$ARG_NOSAN
# prepare common variables # prepare common variables
## ##
@ -167,12 +174,15 @@ extendedKeyUsage = serverAuth
subjectAltName = @alt_names subjectAltName = @alt_names
[ alt_names ]" [ alt_names ]"
if [ $ARG_NOSAN -ne 1 ]; then
# Gather IPs for SAN # Gather IPs for SAN
i=1 i=1
IPS="$(getent ahostsv4 $(hostname) | awk '{print $1}' |sort | uniq)" IPS="$(getent ahostsv4 $(hostname) | awk '{print $1}' |sort | uniq)"
echo "[${ME}] Found these IPs: " ${IPS} echo "[${ME}] Found these IPs: " ${IPS}
PAYLOAD="$(for IP in $IPS; do echo "IP.${i} = ${IP}" ; i=$((i + 1)); done)" PAYLOAD="$(for IP in $IPS; do echo "IP.${i} = ${IP}" ; i=$((i + 1)); done)"
fi
printf "${OPENSSL_CONFIG_CONTENT}\n${PAYLOAD}\n" > "${OPENSSL_CONFIG}" printf "${OPENSSL_CONFIG_CONTENT}\n${PAYLOAD}\n" > "${OPENSSL_CONFIG}"
} }