[ovs-dev] [PATCH] ovs-pki: Allow generating certificates with duplicate subjects.
Ben Pfaff
blp at nicira.com
Tue Jun 29 21:58:17 UTC 2010
Without this setting, the certificate authorities that ovs-pki creates will
not allow two switches or two controllers to have the same name. This
causes problem in testing, since it's often convenient to test with short,
common names like "tmp".
(If you need to fix a PKI that you already created, in addition to
modifying ca.cnf you will need to make the same change to index.txt.attr.)
CC: Pierre Ettori <pettori at nicira.com>
---
utilities/ovs-pki.in | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in
index ea959fd..5c8c4bb 100755
--- a/utilities/ovs-pki.in
+++ b/utilities/ovs-pki.in
@@ -249,6 +249,7 @@ email_in_dn = no # Don't add the email into cert DN
name_opt = ca_default # Subject name display option
cert_opt = ca_default # Certificate display option
copy_extensions = none # Don't copy extensions from request
+unique_subject = no # Allow certs with duplicate subjects
# For the CA policy
[ policy ]
--
1.7.1
More information about the dev
mailing list