From 75669d224af6b5cab5071af7522dedb2e7ee3e46 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Sat, 8 Jun 2024 14:24:26 +0100
Subject: [PATCH] build_self_sign(): Resrict use of --req-cn and create LOCAL SSL config

Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index a742246bc..47a8bfd53 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -1898,6 +1898,17 @@ Run easyrsa without commands for usage and command help."
 file_name_base="$1"
 shift

+ # Prohibit --req-cn
+ [ "$EASYRSA_REQ_CN" = ChangeMe ] || user_error "\
+Option conflict --req-cn:
+* '$cmd' does not support setting an external commonName"
+
+ # Enforce commonName
+ export EASYRSA_REQ_CN="$file_name_base"
+
+ # create local SSL cnf
+ write_easyrsa_ssl_cnf_tmp
+
 # Refuse option as name
 case "$file_name_base" in
 nopass)
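Review bot: The added `export EASYRSA_REQ_CN="$file_name_base"` and `write_easyrsa_ssl_cnf_tmp` run before the existing `# Refuse option as name` check, so a name that check rejects has already been exported as the commonName and the temporary SSL config has already been written. Moving the three added stanzas below the closing `esac` of that `case` (which ends outside this hunk) would make validation happen first. The `[ "$EASYRSA_REQ_CN" = ChangeMe ]` guard also infers `--req-cn` from a sentinel value, so a commonName supplied some other way (presumably the environment or a vars file) would be reported as a conflict with `--req-cn`. A comment such as `# ChangeMe is the unset default; any other value means a CN was supplied` would make that assumption explicit.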