-rw-r--r-- | openssl-ca-acf.cnf | 4 | ||||
-rw-r--r-- | openssl-model.lua | 10 |
2 files changed, 8 insertions, 6 deletions
diff --git a/openssl-ca-acf.cnf b/openssl-ca-acf.cnf index fd48c49..73db0c6 100644 --- a/openssl-ca-acf.cnf +++ b/openssl-ca-acf.cnf @@ -150,7 +150,7 @@ authorityKeyIdentifier = keyid,issuer:always basicConstraints = CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always -policy = policy_acf_ca +policy = policy_acf_cert [ ssl_server_cert ] @@ -182,7 +182,7 @@ keyUsage = cRLSign, keyCertSign extendedKeyUsage = subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always -policy = policy_acf_cert +policy = policy_acf_ca [ crl_ext ] authorityKeyIdentifier = keyid,issuer:always diff --git a/openssl-model.lua b/openssl-model.lua index 6a17a0c..bcaf477 100644 --- a/openssl-model.lua +++ b/openssl-model.lua @@ -53,8 +53,8 @@ local validate_distinguished_names = function(values) local success = true for name,value in pairs(values.value) do - if string.find(value.value, "[,/'=]") then - value.errtxt = "Value cannot contain =/,'" + if string.find(value.value, "[#]") then + value.errtxt = "Value cannot contain #" success = false end @@ -102,14 +102,16 @@ local create_subject_string = function(values, ignorevalues) reverseshorts[short] = name end for name,value in pairs(values.value) do - name = name:gsub(".*%.", "") + name = name:gsub(".*%.", "") -- remove the "0." from the front + value.value = value.value:gsub("[/=]", "\%1") -- escape characters if (short_names[name] or reverseshorts[name]) and value.value and value.value ~= "" then name = short_names[name] or name outstr[#outstr + 1] = name .. "=" .. value.value end end for name,value in pairs(values.value) do - name = name:gsub(".*%.", "") + name = name:gsub(".*%.", "") -- remove the "0." from the front + value.value = value.value:gsub("[/=]", "\%1") -- escape characters if not reverseignore[name] and not short_names[name] and not reverseshorts[name] and value.value and value.value ~= "" then outstr[#outstr + 1] = name .. "=" .. value.value end |
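Review bot: Neither swapped `policy =` line (this hunk and the one at line 182) says which certificate type its section issues, so the pairing can only be checked by reading the surrounding extensions. From the visible context the first section sets `basicConstraints = CA:FALSE` and the second sets `keyUsage = cRLSign, keyCertSign`, so the new assignment looks right, but the section headers and the two policy sections are outside the hunks. I would add a comment above each line, e.g. `# end-entity certificates: subject DN is checked against policy_acf_cert` and `# CA certificates: subject DN is checked against policy_acf_ca`, so a later edit does not silently apply the looser DN-matching rules to CA certificates.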
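Review bot: The new check `string.find(value.value, "[#]")` lets `'`, backslash and control characters through, while the escaping added further down in this commit covers only `/` and `=`. If the subject string is later placed inside a quoted command-line argument (not visible in this hunk), a `'` or a trailing backslash in a DN field can end the quoting or the escape early. I would keep rejecting whatever is not escaped, e.g. `if string.find(value.value, "[#'\\%c]") then` with `value.errtxt = "Value cannot contain # ' \\ or control characters"`. The body of validate_distinguished_names continues outside the hunk.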
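Review bot: In both loops `"\%1"` is not a backslash followed by the match: Lua 5.1 reads the unknown escape `\%` as a plain `%`, so the gsub replaces each `/` or `=` with itself, and Lua 5.2+ and LuaJIT reject the string as an invalid escape sequence. Both loops also run the gsub on every entry before their `if` and write the result back into `value.value`, so once the escape is fixed each value would be escaped twice, the caller's table is changed, and a nil `value.value` raises before the existing `value.value and ...` guard is reached. I would escape into a local and include the backslash itself: `local escaped = (value.value or ""):gsub("[\\/=]", "\\%1")` followed by `outstr[#outstr + 1] = name .. "=" .. escaped`. create_subject_string starts before and ends after this hunk.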