Add -alt option to makecert to a subjectAltName extension
authorSebastien Pouliot <sebastien@ximian.com>
Wed, 30 Mar 2011 20:15:17 +0000 (16:15 -0400)
committerSebastien Pouliot <sebastien@ximian.com>
Wed, 30 Mar 2011 20:15:17 +0000 (16:15 -0400)
* man/makecert.1: Add documentation for -alt
* mcs/tools/security/makecert.cs: Add (mono only!) -alt to support
adding a subjectAltName extension in certificates. This allows one to
specify (from a file) a list of DNS entries so a single X.509
certificate can be used/shared for SSL (like all the bots hosts)

man/makecert.1
mcs/tools/security/makecert.cs

index 006341ffd853fa660f1f52ff6d7388314b01a332..41284a47ae6d8a29234bec2e7d28a1c006e8d8b8 100644 (file)
@@ -1,7 +1,7 @@
 .\" 
 .\" makecert manual page.
 .\" Copyright 2003 Motus Technologies
-.\" Copyright 2004-2005 Novell
+.\" Copyright 2004-2005, 2011 Novell
 .\" Author:
 .\"   Sebastien Pouliot (sebastien@ximian.com)
 .\"
@@ -104,6 +104,12 @@ applicable for certificates that have BasicConstraint set to Authority (-cy
 authority). This is used to limit the chain of certificates than can be
 issued under this authority.
 .TP
+.I "-alt filename"
+Add a subjectAltName extension to the certificate. Each line from 'filename'
+will be added as a DNS entry of the extension. This option is useful if you
+want to create a single SSL certificate to work on several hosts that do not
+share a common domain name (i.e. CN=*.domain.com would not work).
+.TP
 .I "-eku oid[,oid]"
 Add some extended key usage OID to the certificate.
 .TP
index bb1616a58ec0e9d6dad083a9490185150174923e..99baefdd8b75df074ceaff4f1170f692230f1283 100644 (file)
@@ -111,6 +111,7 @@ namespace Mono.Tools {
                        CspParameters issuerParams = new CspParameters ();
                        BasicConstraintsExtension bce = null;
                        ExtendedKeyUsageExtension eku = null;
+                       SubjectAltNameExtension alt = null;
                        string p12file = null;
                        string p12pwd = null;
                        X509Certificate issuerCertificate = null;
@@ -214,6 +215,12 @@ namespace Mono.Tools {
                                                        }
                                                        bce.PathLenConstraint = Convert.ToInt32 (args [i++]);
                                                        break;
+                                               case "-alt":
+                                                       if (alt == null) {
+                                                               string [] dnsNames = File.ReadAllLines (args [i++]);
+                                                               alt = new SubjectAltNameExtension (null, dnsNames, null, null);
+                                                       }
+                                                       break;
                                                case "-ic":
                                                        issuerCertificate = LoadCertificate (args [i++]);
                                                        issuer = issuerCertificate.SubjectName;
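Review bot: In the `-alt` case the filename is consumed by `args [i++]` inside the `if (alt == null)` guard, so a repeated `-alt` leaves its filename unconsumed and the argument loop would then appear to treat that path as the next option. Reading the argument before the guard, `string altFile = args [i++];`, and passing `altFile` to `File.ReadAllLines` keeps the index in step. `File.ReadAllLines` also returns blank and whitespace-padded lines unchanged, so they would presumably reach `SubjectAltNameExtension` as DNS names; trimming each line, skipping empty ones, and not creating the extension when none remain would keep malformed dNSName entries out of the issued certificate. The enclosing switch and method start and end outside this hunk.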
@@ -393,6 +400,8 @@ namespace Mono.Tools {
                                        cb.Extensions.Add (bce);
                                if (eku != null)
                                        cb.Extensions.Add (eku);
+                               if (alt != null)
+                                       cb.Extensions.Add (alt);
                                // signature
                                cb.Hash = hashName;
                                byte[] rawcert = cb.Sign (issuerKey);