From 4efb4213c7f855a84107a6e038a94d4faaea07b4 Mon Sep 17 00:00:00 2001
From: Ted Trask
Date: Thu, 14 May 2009 16:45:11 +0000
Subject: Fixed bug with request extensions. Don't override user input extensions with default extensions.
---
 openssl-model.lua | 27 +++++++++------------------
 1 file changed, 9 insertions(+), 18 deletions(-)
(limited to 'openssl-model.lua')
diff --git a/openssl-model.lua b/openssl-model.lua
index 5f4debd..e8f9f45 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -385,30 +385,21 @@ submitrequest = function(defaults, user)
 -- Generate a temp config file for this request
 local fileval = fs.read_file(configfile) or ""
 config = config or format.parse_ini_file(fileval)
- local temp = format.dostounix(defaults.value.extensions.value)
- local ext_section
- if not config.req or not config.req.req_extensions then
- ext_section = "v3_req"
- while config[ext_section] do ext_section = "v3_req_"..tostring(os.time()) end
- else
- ext_section = config.req.req_extensions
- for name,value in pairs(config[ext_section] or {}) do
- temp = format.update_ini_file(temp, "", name, value)
- end
- end
+ local ext_section = "v3_req"
+ while config[ext_section] do ext_section = "v3_req_"..tostring(os.time()) end
+ local content = format.dostounix(defaults.value.extensions.value)
+ -- Override with the extensions for this cert type
 if config[defaults.value.certtype.value].x509_extensions then
- ext_section = config[defaults.value.certtype.value].x509_extensions
- for name,value in pairs(config[ext_section] or {}) do
+ local temp = config[defaults.value.certtype.value].x509_extensions
+ for name,value in pairs(config[temp] or {}) do
 if not string.find(value, "issuer") then
- temp = format.update_ini_file(temp, "", name, value)
+ content = format.update_ini_file(content, "", name, value)
 end
 end
 end
- if temp ~= "" then
- fileval = format.set_ini_section(fileval, ext_section, temp)
- fileval = format.update_ini_file(fileval, "req", "req_extensions", ext_section)
- end
+ fileval = format.set_ini_section(fileval, ext_section, content)
+ fileval = format.update_ini_file(fileval, "req", "req_extensions", ext_section)
 fs.write_file(reqname..".cfg", fileval)
 local cmd = path .. "openssl req -nodes -new -config "..format.escapespecialcharacters(reqname)..".cfg -keyout "..format.escapespecialcharacters(reqname)..".pem -out "..format.escapespecialcharacters(reqname)..'.csr -subj "'..subject..'" 2>&1'
-- 
cgit v1.2.3
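Review bot: The requester-supplied text in `defaults.value.extensions.value` now becomes the whole `req_extensions` section, and the cert-type loop only replaces names that the `x509_extensions` section happens to define, so any other extension a requester enters (for example `basicConstraints`, if the cert type omits it) reaches the CSR unchanged. How much that matters depends on how the CA copies request extensions at signing, which is not shown here. Nothing visible in the hunk checks `content` for section-header lines either, so whether a line beginning with `[` can open a new section in the generated `.cfg` depends on `format.set_ini_section`, which is also not shown. I would filter `content` against an allowlist of extension names and reject `[`-prefixed lines before the `format.set_ini_section` call, and document it with a comment such as `-- content is requester input: only allowlisted extension names reach the request config`. Separately, the unchanged `cmd` line escapes `reqname` but places `subject` inside double quotes as-is; `submitrequest` starts and ends outside this hunk, so confirm `subject` is escaped where it is built.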