Introduce 'serialNumber' field for DN (OID 2.5.4.5) #606

Merged: 2 commits, Jun 20, 2022

TinCanTech
Collaborator

Add a final layer of granularity to X509 Distinguished Name.
Only used if --req-serial="<PRINTABLE>user data" is specified.

To minimize the noise to the user by this new field, change the way
that OpenSSL is called to build a CA: Always use '-batch' mode.

User visible change when building a CA:

  • Instead of being prompted for each individual DN field, now the
    user is presented with a read-out of how the fields are currently
    set. There is now only a single confirmation that all fields are
    correct.
  • If '--req-serial' is not used then 'serialNumber' is not displayed.

PRINTABLE: a-z,A-Z,0-9, -+/=.,?:()

Closes: #462 - The original proposal and prototype code.
Closes: #598 - Supersedes: Introduce 1.organizationalUnitName
Closes: #600 - Bugfix: Remove unused 'name' definition from SSL conf.

Signed-off-by: Richard T Bonhomme [email protected]
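
An added example, not part of this pull request or of Easy-RSA's code: a POSIX shell check of a `--req-serial` value against the PRINTABLE set listed above, followed by escaping for an OpenSSL `-subj` string, where `/` separates RDNs and `+` can join a multi-valued RDN (both are allowed by that set). The function names are hypothetical, the space character is assumed to be part of the set, and the use of `-subj` is an assumption; the page does not show how Easy-RSA passes the field to OpenSSL.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not Easy-RSA functions).

# Return 0 only if $1 is non-empty and every byte is in the PR's set:
#   a-z A-Z 0-9 space - + / = . , ? : ( )
# Assumption: the space in the PR's list is an allowed character.
is_printable_serial() {
    [ -n "$1" ] || return 1
    # Delete every allowed byte and count what is left. Counting with wc
    # (instead of testing the string) also catches a trailing newline,
    # which command substitution would silently strip.
    left=$(printf '%s' "$1" | LC_ALL=C tr -d 'a-zA-Z0-9 +/=.,?:()-' | wc -c)
    [ "$((left))" -eq 0 ]
}

# Backslash-escape the characters that act as delimiters in an OpenSSL
# -subj string. '=' needs no escape inside a value; backslash itself is
# not in the allowed set, so it cannot reach this function after validation.
escape_subj_value() {
    printf '%s' "$1" | sed 's|[/+]|\\&|g'
}

# Print the serialNumber component for -subj, or fail without output.
serial_rdn() {
    is_printable_serial "$1" || return 1
    printf '/serialNumber=%s\n' "$(escape_subj_value "$1")"
}

# Constructed sample values, not taken from the PR.
for v in 'HW-0042 (rev.2)' 'A/B+C=1' 'bad;value'; do
    serial_rdn "$v" || printf 'rejected: %s\n' "$v" >&2
done
```
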

@TinCanTech TinCanTech self-assigned this Jun 20, 2022
@TinCanTech TinCanTech added enhancement Full-Approval Merge is imminent EasyRSA-OpenSSL-Config BUG-FIX Major Changes Changes between Major 3.X version numbers - X is Major labels Jun 20, 2022
@TinCanTech TinCanTech added this to the v3.1.1-RC1 milestone Jun 20, 2022
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech merged commit 8135e76 into OpenVPN:master Jun 20, 2022
@TinCanTech TinCanTech deleted the org-serialNumber branch October 28, 2022 00:14
Successfully merging this pull request may close these issues.

OpenSSL v3 does not "like something?" about openssl-easyrsa.cnf