/usr/share/zentyal/stubs/ca/v3_ext.mas is in zentyal-ca 2.3.6+quantal1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 | <%doc>
This stub file write down specific V3 extensions issuing a
certificate. These extensions are applicable as well as default
ones.
Parameters:
subjAltNames - Array indicating the subject alternative names. The
elements are the following:
type - String indicating the type of subject Alt Name
value - String the value for that subject Alt Name
</%doc>
<%args>
@subjAltNames
</%args>
<%init>
my $subjAltNameStr = join(',', map { $_->{type} . ':' . $_->{value} } @subjAltNames);
my $dnsPresent = grep { $_->{type} eq 'DNS' } @subjAltNames;
my $emailPresent = grep { $_->{type} eq 'email' } @subjAltNames;
my $extendedUsage = '';
if ( $dnsPresent ) {
$extendedUsage = 'serverAuth,clientAuth,';
}
if ( $emailPresent ) {
$extendedUsage .= 'emailProtection';
}
# Remove trailing comma, if available
$extendedUsage =~ s/,$//;
</%init>
% if (@subjAltNames > 0) {
% if ( $extendedUsage ) {
extendedKeyUsage = <% $extendedUsage %>
% }
subjectAltName= <% $subjAltNameStr %>
% }
# PKIX recommendations harmless if included in all certificates.
authorityKeyIdentifier=keyid,issuer
subjectKeyIdentifier = hash
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
|