Hello Michael,
thanks for your reply. In my opinion: Partly. :-)
Actually, the code allows arbitrary user input as log as _any_ SubjectAlternativeName is provided during root/host certificate generation. As far as I can recall, this is exactly what we agreed on.
Regarding the FQDN, I do not think it makes sense to use IPFire's hostname unconditionally: Most installations will not even have a valid FQDN assigned to red0, not to mention missing DNS records if the latter one is present.
Thereof, I consider using the same value filled into "$ROOTCERT_HOSTNAME" as a SubjectAlternativeName makes sense.
Thanks, and best regards, Peter Müller
Hi,
I am not sure about the change of behaviour here.
I thought the consensus in the telephone conference was to always set it to the FQDN of the IPFire box and accept any additional values from the user. So it will always be set.
The code looks like it does not do that.
Did I get it wrong what we agreed on in the end?
-Michael