From 2d137e2e1ce603ee2727d66b1aba57458bf4d1be Mon Sep 17 00:00:00 2001
From: Luke Kanies <luke@madstop.com>
Date: Fri, 18 Sep 2009 12:54:03 -0700
Subject: Fixing #1507 - Adding a :ca_name setting

This allows one to specify the name to use in the
CA certificate.  It defaults to the :certname,
but for those stuck using mod_ssl it can be changed.

Signed-off-by: Luke Kanies <luke@madstop.com>
---
 lib/puppet/ssl/certificate_request.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'lib/puppet/ssl')

diff --git a/lib/puppet/ssl/certificate_request.rb b/lib/puppet/ssl/certificate_request.rb
index 6a0464a33..4008ababe 100644
--- a/lib/puppet/ssl/certificate_request.rb
+++ b/lib/puppet/ssl/certificate_request.rb
@@ -29,9 +29,14 @@ class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
         # Support either an actual SSL key, or a Puppet key.
         key = key.content if key.is_a?(Puppet::SSL::Key)
 
+        # If we're a CSR for the CA, then use the real certname, rather than the
+        # fake 'ca' name.  This is mostly for backward compatibility with 0.24.x,
+        # but it's also just a good idea.
+        common_name = name == Puppet::SSL::CA_NAME ? Puppet.settings[:ca_name] : name
+
         csr = OpenSSL::X509::Request.new
         csr.version = 0
-        csr.subject = OpenSSL::X509::Name.new([["CN", name]])
+        csr.subject = OpenSSL::X509::Name.new([["CN", common_name]])
         csr.public_key = key.public_key
         csr.sign(key, OpenSSL::Digest::MD5.new)
 
-- 
cgit