Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sign-req command option preserve should be default behavior #1268

Closed
TinCanTech opened this issue Dec 4, 2024 · 1 comment
Closed

sign-req command option preserve should be default behavior #1268

TinCanTech opened this issue Dec 4, 2024 · 1 comment
Assignees
@TinCanTech
Labels
Feature request

Comments

@TinCanTech
Copy link
Collaborator

TinCanTech commented Dec 4, 2024
edited
Loading

I cannot think of any reason that someone would want random DN fields.

I would use global option --preservedn but it would be unnecessary.

Enable SSL option -preserveDN for Easy-RSA sign-req() by default.
@TinCanTech TinCanTech self-assigned this Dec 4, 2024
@TinCanTech TinCanTech added this to the v3.2.2 milestone Dec 4, 2024
@TinCanTech TinCanTech removed this from the v3.2.2 milestone Dec 4, 2024
@TinCanTech TinCanTech linked a pull request Dec 7, 2024 that will close this issue
sign-req: Always enable SSL option -preserveDN #1271
Closed
@TinCanTech
Copy link
Collaborator Author

FTR: In order to build a CSR with disordered DN fields with easyrsa, the openssl-easyrsa.cnf DN fields order must be changed. This is then unsupported.

Signing the request will normally correct the order to that of the signing PKI.

Thus, having the option to preserve the request DN ordering is the right approach.

@TinCanTech TinCanTech closed this as not planned Won't fix, can't repro, duplicate, stale Dec 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TinCanTech TinCanTech

Labels
Feature request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

sign-req: Always enable SSL option -preserveDN TinCanTech/easy-rsa
1 participant
@TinCanTech