Set default stateOrProvice to 'supplied' in openssl.cnf.tmpl.

This resolves a stateOrProvince printable string UTF8 mismatch on RHEL 6 and Fedora 14 (using openssl-1.0.0-4.el6.x86_64 or openssl-1.0.0d-1.fc14.x86_64). Fixes x509 certificate generation on Fedora 14 and Redhat 6.
author: Dan Prince <dan.prince@rackspace.com> 2011-04-08 12:22:09 -0400
committer: Dan Prince <dan.prince@rackspace.com> 2011-04-08 12:22:09 -0400
commit: decdaa30acb15e088eb6a0ca3ebc8ea6f377cbfe (patch)
tree: 8ed326260fe5d2cefb0efc9a69c0c9fb4b4038d3
parent: 13d55f9b297740689b99d3c33c154c269a48121a (diff)
download: nova-decdaa30acb15e088eb6a0ca3ebc8ea6f377cbfe.tar.gz
nova-decdaa30acb15e088eb6a0ca3ebc8ea6f377cbfe.tar.xz
nova-decdaa30acb15e088eb6a0ca3ebc8ea6f377cbfe.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/nova/CA/openssl.cnf.tmpl b/nova/CA/openssl.cnf.tmpl
index dd81f1c2b..b80fadf40 100644
--- a/nova/CA/openssl.cnf.tmpl
+++ b/nova/CA/openssl.cnf.tmpl
@@ -41,9 +41,13 @@ nameopt			= default_ca
 certopt			= default_ca
 policy			= policy_match
 
+# NOTE(dprince): stateOrProvinceName must be 'supplied' or 'optional' to
+# work around a stateOrProvince printable string UTF8 mismatch on
+# RHEL 6 and Fedora 14 (using openssl-1.0.0-4.el6.x86_64 or
+# openssl-1.0.0d-1.fc14.x86_64)
 [ policy_match ]
 countryName		= match
-stateOrProvinceName	= match
+stateOrProvinceName	= supplied
 organizationName	= optional
 organizationalUnitName	= optional
 commonName		= supplied
author	Dan Prince <dan.prince@rackspace.com>	2011-04-08 12:22:09 -0400
committer	Dan Prince <dan.prince@rackspace.com>	2011-04-08 12:22:09 -0400
commit	decdaa30acb15e088eb6a0ca3ebc8ea6f377cbfe (patch)
tree	8ed326260fe5d2cefb0efc9a69c0c9fb4b4038d3
parent	13d55f9b297740689b99d3c33c154c269a48121a (diff)
download	nova-decdaa30acb15e088eb6a0ca3ebc8ea6f377cbfe.tar.gz nova-decdaa30acb15e088eb6a0ca3ebc8ea6f377cbfe.tar.xz nova-decdaa30acb15e088eb6a0ca3ebc8ea6f377cbfe.zip