aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xdmvpn-ca11
-rw-r--r--dmvpn-ca.conf2
-rw-r--r--dmvpn.lua4
3 files changed, 16 insertions, 1 deletions
diff --git a/dmvpn-ca b/dmvpn-ca
index 69439a2..e63e533 100755
--- a/dmvpn-ca
+++ b/dmvpn-ca
@@ -1131,6 +1131,17 @@ output = scan_choice(
)
)
+ local hosts = config.hub.hosts
+ if hosts then
+ cert:addExtension(
+ x509ext.new(
+ dmvpn.OID_HUB_HOSTS,
+ 'DER',
+ asn1.sequence_of(asn1.ia5string).encode(hosts)
+ )
+ )
+ end
+
local net_config = {}
local pr_config = {}
for subnet in get_subnets() do
diff --git a/dmvpn-ca.conf b/dmvpn-ca.conf
index d1c95cc..0b879b7 100644
--- a/dmvpn-ca.conf
+++ b/dmvpn-ca.conf
@@ -8,6 +8,8 @@ ca:
curve: secp521r1
hub:
+ hosts:
+ - hubs.example.com
subnets:
- '10.0.0.0/8'
- '172.16.0.0/16'
diff --git a/dmvpn.lua b/dmvpn.lua
index 5fd31ce..0232992 100644
--- a/dmvpn.lua
+++ b/dmvpn.lua
@@ -3,4 +3,6 @@ Copyright (c) 2014-2018 Kaarle Ritvanen
See LICENSE file for license details
]]--
-return {OID_IS_HUB='1.3.6.1.4.1.31536.1.1'}
+local base = '1.3.6.1.4.1.31536.1.'
+
+return {OID_IS_HUB=base..'1', OID_HUB_HOSTS=base..'2'}