Commit 2b4e55e6 authored by Leigh Stoller's avatar Leigh Stoller

When PROTOGENI is on, put in the url of the protogeni XMLRPC server.

parent 8b87a67c
......@@ -294,6 +294,23 @@ system("cp -f $TEMPLATE usercert.cnf") == 0
open(TEMP, ">>usercert.cnf")
or fatal("Could not open $TEMPLATE for append: $!");
if ($PGENISUPPORT) {
my $url = "@PROTOGENI_URL@/sa";
# unregistered OID 2.25.305821105408246119474742976030998643995
# (corresponding to UUID e61300a0-c4c5-11de-b14e-0002a5d5c51b)
# is used to indicate generic ProtoGENI XMLRPC servers.
print TEMP
"authorityInfoAccess=2.25.305821105408246119474742976030998643995;URI:$url\n";
}
print TEMP "\n";
print TEMP "[ req_distinguished_name ]\n";
print TEMP "C\t\t=@SSLCERT_COUNTRY@\n";
print TEMP "ST\t\t=@SSLCERT_STATE@\n";
print TEMP "L\t\t=@SSLCERT_LOCALITY@\n";
print TEMP "O\t\t=@SSLCERT_ORGNAME@\n";
if ($PGENISUPPORT && $encrypted) {
print TEMP "OU\t\t= $PGENIDOMAIN.$user_uid\n";
}
......@@ -304,7 +321,7 @@ print TEMP "CN\t\t= $user_uuid\n";
print TEMP "emailAddress\t= $user_uid" . "\@" . "$OURDOMAIN\n";
print TEMP "\n[ req_altname ]\nURI=urn:publicid:IDN+$OURDOMAIN" .
"+user+$user_uid\nemail=$user_uid" . "\@" . "$OURDOMAIN\n";
"+user+$user_uid\nemail=$user_uid" . "\@" . "$OURDOMAIN\n\n";
close(TEMP)
or fatal("Could not close usercert.cnf: $!");
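Review bot: `$url` is printed into the `authorityInfoAccess` line with no check, so an empty or malformed `@PROTOGENI_URL@` substitution still produces a config line (a constructed example: `URI:/sa`), and the certificate request would advertise a location that is unusable or not TLS-protected. Relying parties presumably use this URI to locate the authority's XMLRPC server, so if that server is only ever reached over TLS I would validate before the `print TEMP`, e.g. `fatal("PROTOGENI_URL is not a usable https URL: '$url'") unless ($url =~ m{^https://[^\s,]+$});`. The pattern excludes commas and whitespace because OpenSSL splits multi-valued extension strings on commas, and a stray newline would start a new config line. The comment above the print could also say that this line continues the `[ request_extensions ]` section left open at the end of the template, which is not apparent from this file alone.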
......
......@@ -7,15 +7,15 @@ default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
req_extensions = request_extensions
string_mask = nombstr
oid_section = protogeni_oids
[ protogeni_oids ]
xmlrpc = 2.25.305821105408246119474742976030998643995
[ request_extensions ]
basicConstraints=critical,CA:FALSE
subjectKeyIdentifier=hash
subjectAltName=@req_altname
# Modifed for update 5.21
# This will be appended to by mkusercert.
[ req_distinguished_name ]
C = @SSLCERT_COUNTRY@
ST = @SSLCERT_STATE@
L = @SSLCERT_LOCALITY@
O = @SSLCERT_ORGNAME@
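Review bot: The comment `# This will be appended to by mkusercert.` does not say that the appended `authorityInfoAccess` line only lands in `[ request_extensions ]` because that section is the last one in the template. If someone later adds a section below it, the extension would silently be written into the wrong section and dropped from the request. I would spell the constraint out, e.g. `# Keep [ request_extensions ] last: mkusercert appends authorityInfoAccess here, then writes [ req_distinguished_name ].` Separately, the `xmlrpc` short name under `[ protogeni_oids ]` looks unused in the lines shown, since the script writes the numeric OID, so the OID is maintained in two places. Either reference the name from the script or add a comment on why both exist.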