authorTed Trask <ttrask01@yahoo.com>2008-08-05 14:42:48 +0000
committerTed Trask <ttrask01@yahoo.com>2008-08-05 14:42:48 +0000
commitcbea3fdb273afd486aa10a267d304d0cf7ec620d (patch)
tree6404aecf3739c8a1a928f0fc4481c173c836f7ef
parentd2a58533146ffee3113929a8ef2b596a9de18c59 (diff)
Fixed openssl bug with blank extensions. Modified commonName hash to use hex values. Changed download filename to be commonName.
git-svn-id: svn://svn.alpinelinux.org/acf/openssl/trunk@1372 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r--openssl-ca-acf.cnf3
-rw-r--r--openssl-model.lua32
2 files changed, 25 insertions, 10 deletions
diff --git a/openssl-ca-acf.cnf b/openssl-ca-acf.cnf
index 5e11a9f..91c036b 100644
--- a/openssl-ca-acf.cnf
+++ b/openssl-ca-acf.cnf
@@ -83,7 +83,6 @@ distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca_cert
string_mask = nombstr
-req_extensions = v3_req
# The req section specifies the attributes that will be asked for
# Here is where we define the fields that are presented in
@@ -137,8 +136,6 @@ keyUsage = cRLSign, keyCertSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
-[ v3_req ]
-
[ general_cert ]
# Non-specific
policy = policy_acf_cert
diff --git a/openssl-model.lua b/openssl-model.lua
index 71fa1ae..35ad97b 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -225,13 +225,23 @@ end
local hashname = function(name)
local hash = {name:byte(1,-1)}
- return table.concat(hash, "-")
+ -- no longer returning '-' separated decimal, but 2 char hex
+ --return table.concat(hash, "-")
+ for i,val in ipairs(hash) do hash[i] = string.format("%02X", val) end
+ return table.concat(hash)
end
local unhashname = function(hashstring)
local hash = {}
- for char in string.gmatch(hashstring, "([^-]+)-*") do
- hash[#hash+1] = char
+ -- this is to be backward compatible with '-' separated decimal
+ if string.find(hashstring, "-") then
+ for char in string.gmatch(hashstring, "([^-]+)-*") do
+ hash[#hash+1] = char
+ end
+ else
+ for char in string.gmatch(hashstring, "%x%x") do
+ hash[#hash+1] = tonumber(char, 16)
+ end
end
return string.char(unpack(hash))
end
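Review bot: The new hex branch of `unhashname` accepts malformed input silently, because `string.gmatch(hashstring, "%x%x")` skips any non-hex character and drops a trailing odd digit, so a damaged or hand-edited hash decodes to a different name instead of failing. Since `getcert` feeds this function a field taken from a certificate name, I would reject anything that is not an even-length run of hex digits before the loop, e.g. `if not hashstring:match("^%x*$") or #hashstring % 2 ~= 0 then return nil end`, with callers then handling nil. The format test would also read more clearly as a plain search, `string.find(hashstring, "-", 1, true)`. A comment on `hashname` stating that the output is uppercase two-digit hex per byte, and that the '-' separated decimal form is accepted only as legacy input, would help the next reader.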
@@ -382,9 +392,11 @@ submitrequest = function(defaults, user)
if not config.req or not config.req.req_extensions then
ext_section = "v3_req"
while config[ext_section] do ext_section = "v3_req_"..tostring(os.time()) end
- a,b,c,fileval = getopts.setoptsinfile(fileval, "req", "req_extensions", ext_section)
else
ext_section = config.req.req_extensions
+ for name,value in pairs(config[ext_section] or {}) do
+ a,b,c,temp = getopts.setoptsinfile(temp, "", name, value)
+ end
end
if config[defaults.value.certtype.value].x509_extensions then
ext_section = config[defaults.value.certtype.value].x509_extensions
@@ -394,10 +406,14 @@ submitrequest = function(defaults, user)
end
end
end
- a,b,c,fileval = getopts.setsection(fileval, ext_section, temp)
+
+ if temp ~= "" then
+ a,b,c,fileval = getopts.setsection(fileval, ext_section, temp)
+ a,b,c,fileval = getopts.setoptsinfile(fileval, "req", "req_extensions", ext_section)
+ end
fs.write_file(configfile..".tmp", fileval)
- local cmd = path .. "openssl req -nodes -new -config "..configfile..".tmp -reqexts "..ext_section.." -keyout "..reqname..".pem -out "..reqname..".csr -subj '"..subject.."' 2>&1"
+ local cmd = path .. "openssl req -nodes -new -config "..configfile..".tmp -keyout "..reqname..".pem -out "..reqname..".csr -subj '"..subject.."' 2>&1"
local f = io.popen(cmd)
local cmdresult = f:read("*a")
f:close()
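Review bot: The rewritten `cmd` line still assembles the shell command by concatenation and hands it to `io.popen`, with `subject` protected only by the surrounding single quotes. Where `subject` is built is outside this hunk, so I cannot tell whether its fields are validated; if any of them can contain a `'`, the quoting ends early and the rest of the value is read by the shell as command text. Since this line is being edited anyway, I would escape the value before it is interpolated, e.g. `local qsubject = "'" .. string.gsub(subject, "'", "'\\''") .. "'"`, and use `qsubject` in place of `'"..subject.."'`; `reqname` and `configfile` deserve the same check. The body of `submitrequest` starts and ends outside the hunk.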
@@ -545,7 +561,9 @@ end
getcert = function(cert)
local f = fs.read_file(certdir..cert..".pfx")
- return cfe({ type="raw", value=f, label=cert..".pfx", option="application/x-pkcs12" })
+ local a,b,c,d = string.match(cert, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
+ c = string.gsub(unhashname(c), "[^%w_-]", "")
+ return cfe({ type="raw", value=f, label=c..".pfx", option="application/x-pkcs12" })
end
revokecert = function(cert)
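Review bot: In `getcert` the new `string.match` result is used without a nil check: when `cert` does not contain the four dot-separated fields, `c` is nil and `unhashname(c)` raises inside `string.find`, after the file has already been read. The last separator in the pattern is also an unescaped `.`, which matches any character; it should be `%.` like the other two, i.e. `"([^%.]*)%.([^%.]*)%.([^%.]*)%.([^%.]*)"`. I would fall back to the previous `cert..".pfx"` label when `c` is missing or sanitises to an empty string. Separately, `cert` is concatenated into the `fs.read_file` path unchanged; if it originates from the request, this is the place to confirm it names an existing certificate and carries no path separators.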