-rwxr-xr-x | dmvpn-ca | 11 | ||||
-rw-r--r-- | dmvpn-ca.conf | 2 | ||||
-rw-r--r-- | dmvpn.lua | 4 |
3 files changed, 16 insertions, 1 deletions
@@ -1131,6 +1131,17 @@ output = scan_choice( ) ) + local hosts = config.hub.hosts + if hosts then + cert:addExtension( + x509ext.new( + dmvpn.OID_HUB_HOSTS, + 'DER', + asn1.sequence_of(asn1.ia5string).encode(hosts) + ) + ) + end + local net_config = {} local pr_config = {} for subnet in get_subnets() do diff --git a/dmvpn-ca.conf b/dmvpn-ca.conf index d1c95cc..0b879b7 100644 --- a/dmvpn-ca.conf +++ b/dmvpn-ca.conf @@ -8,6 +8,8 @@ ca: curve: secp521r1 hub: + hosts: + - hubs.example.com subnets: - '10.0.0.0/8' - '172.16.0.0/16' @@ -3,4 +3,6 @@ Copyright (c) 2014-2018 Kaarle Ritvanen See LICENSE file for license details ]]-- -return {OID_IS_HUB='1.3.6.1.4.1.31536.1.1'} +local base = '1.3.6.1.4.1.31536.1.' + +return {OID_IS_HUB=base..'1', OID_HUB_HOSTS=base..'2'} |
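Review bot: In the first hunk (dmvpn-ca), `config.hub.hosts` is encoded into the certificate extension with no check on its shape, so a mistake in the CA config ends up signed into the certificate. `if hosts then` is also true for an empty table, and a scalar `hosts: hubs.example.com` in the YAML would reach `asn1.sequence_of(asn1.ia5string).encode` as a string instead of a list. I would validate before building the extension, for example `assert(type(hosts) == 'table' and #hosts > 0, 'hub.hosts must be a non-empty list')`, and check that each entry is an ASCII string, since IA5String cannot carry anything else. How the asn1 helper reacts to non-string or non-ASCII entries is not visible here and should be confirmed. The enclosing function starts and ends outside the hunk.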
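Review bot: In the last hunk (the OID table), the new `OID_HUB_HOSTS` entry has no comment saying what the extension value contains, and this table is where anyone parsing the certificate will look. I would add a line above the `return`, such as `-- OID_HUB_HOSTS: DER SEQUENCE OF IA5String, hub host names (non-critical extension)`. The encoding is taken from the dmvpn-ca hunk; the criticality is assumed from the absence of a critical flag there and should be confirmed. A short note that sub-arcs `1` and `2` under `base` are already allocated would also help keep later additions from reusing a number.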