gameontext / gameon

The root repository provides mechanics to set up a local environment for building and testing rooms.
http://gameontext.org
Apache License 2.0

generate certificate script fails on windows with mingw bash #143

Open BarDweller opened 5 years ago

BarDweller commented 5 years ago

A few issues that seem to come down to limitations of the bash implementation.

Subject var slashes.

The SUBJECT declaration contains /'s and is passed as an argument so mingw thinks it's a unix path, and tries to be helpful and convert it back to a windows path. To tell it not to, we have to prepend it with // and swap the other /'s for \'s.

  # avoid mingw deciding the subject string is a path to translate!
  unameOut="$(uname -s)"
  case "${unameOut}" in
    MINGW*)     SUBJECT="//CN=gameontext.org\OU=GameOn Development CA\O=The Ficticious GameOn CA Company\L=Earth\ST=Happy\C=CA";;
    *)          SUBJECT="/CN=gameontext.org/OU=GameOn Development CA/O=The Ficticious GameOn CA Company/L=Earth/ST=Happy/C=CA";;
  esac

OpenSSL IP.1/DNS.1 in ext

The OpenSSL version I have (OpenSSL 1.0.2p Aug 2018) refuses to accept a DNS name as an argument to IP.1 in the v3.ext creation. We may need to add logic to detect if ${hostName} is an IP, or a DNS name, and only set the appropriate entry.

I just commented out the IP.1 set in my script, as a quick way to solve it locally.

Config as filename rather than string.

For some reason my OpenSSL also wasn't happy about the config being passed via cat as a string, but it was fine with me passing the filename..

  #Create Server Key, with CSR
  # paths are quoted so a targetDir containing spaces stays one argument
  openssl req -new -sha256 -nodes \
    -out "${targetDir}/.gameontext.openssl/server.csr" -newkey rsa:4096 \
    -keyout "${targetDir}/.gameontext.onlykey.pem" \
    -config "${targetDir}/.gameontext.openssl/rootCSR.cnf"

Subshells & fdopen

Use of subshells to generate stuffs.. I was seeing errors about fdopen not being able to read things. I'm way less sure of these, because the errors could have just come from the fallout from subject not being set. But I converted the way the CSR/EXT files were made from using cat & EOT into echo concats instead..

  #Create CSR config
  # section names are quoted so the shell cannot glob-expand [req]/[dn];
  # paths are quoted so a targetDir containing spaces stays one argument
  echo "[req]" > "${targetDir}/.gameontext.openssl/rootCSR.cnf"
  echo "default_bits = 4096" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
  echo "prompt = no" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
  echo "default_md = sha256" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
  echo "distinguished_name = dn" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
  echo "" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
  echo "[dn]" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
  echo "C=CA" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
  echo "ST=Happy" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
  echo "L=Earth" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
  echo "O=The Ficticious GameOn Company" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
  echo "OU=GameOn Application" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
  echo "CN = ${hostName}" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"
  echo "" >> "${targetDir}/.gameontext.openssl/rootCSR.cnf"

  #Create v3.ext (DNS.1 only, IP.1 left out as described above)
  echo "authorityKeyIdentifier=keyid,issuer" > "${targetDir}/.gameontext.openssl/v3.ext"
  echo "basicConstraints=CA:FALSE" >> "${targetDir}/.gameontext.openssl/v3.ext"
  echo "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment" >> "${targetDir}/.gameontext.openssl/v3.ext"
  echo "subjectAltName = @alt_names" >> "${targetDir}/.gameontext.openssl/v3.ext"
  echo "" >> "${targetDir}/.gameontext.openssl/v3.ext"
  echo "[alt_names]" >> "${targetDir}/.gameontext.openssl/v3.ext"
  echo "DNS.1 = ${hostName}" >> "${targetDir}/.gameontext.openssl/v3.ext"
  echo "" >> "${targetDir}/.gameontext.openssl/v3.ext"
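
For the IP.1/DNS.1 point in the comment above, one way to pick the entry from the host value. This is an added example, not code from the issue or the gameon repository; the function names and the hostname allowlist are assumptions, and the IPv6 test is deliberately loose.

```shell
#!/bin/sh
# Added example (not from the gameon repository); function names are hypothetical.

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  case "$1" in
    "" | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  rest="$1." count=0
  while [ -n "$rest" ]; do
    octet=${rest%%.*}
    rest=${rest#*.}
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    count=$((count + 1))
  done
  [ "$count" -eq 4 ]
}

# Loose IPv6 test: only hex digits, ':' and '.', with at least two colons.
# OpenSSL still does the strict parse when it reads the IP.1 value.
is_ipv6() {
  case "$1" in
    "" | *[!0-9A-Fa-f:.]*) return 1 ;;
    *:*:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the single [alt_names] line that matches the kind of value in $1.
san_entry() {
  # Assumed allowlist: refuse anything that could add extra lines to the config.
  case "$1" in
    "" | *[!A-Za-z0-9._:-]*) return 1 ;;
  esac
  if is_ipv4 "$1" || is_ipv6 "$1"; then
    printf 'IP.1 = %s\n' "$1"
  else
    printf 'DNS.1 = %s\n' "$1"
  fi
}

# Write v3.ext to file $1 for host $2, using the extension lines from the issue.
write_v3_ext() {
  entry=$(san_entry "$2") || return 1
  printf '%s\n' \
    'authorityKeyIdentifier=keyid,issuer' \
    'basicConstraints=CA:FALSE' \
    'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
    'subjectAltName = @alt_names' '' '[alt_names]' "$entry" '' > "$1"
}
```

In the certificate script this would be called as `write_v3_ext "${targetDir}/.gameontext.openssl/v3.ext" "${hostName}"`. A value such as `256.1.1.1` is not a valid IPv4 address, so it is written as a DNS.1 entry.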