-

2026-03-08 01:41:01 +01:00
parent 7b1f044279
commit 0aa971e34d
1 changed files with 14 additions and 8 deletions
--- a/private/self-signed-cert.rkt
+++ b/private/self-signed-cert.rkt
@@ -241,7 +241,7 @@
          pkey))))

   (generate-x509
-    (λ (pkey duration-in-days country company hosts)
+    (λ (pkey duration-in-days country company hosts ou)
      (let ((x509 (X509_new)))
        (when (eq? x509 #f)
            (error "Unable to create X509 structure"))
@@ -260,6 +260,9 @@
                                      "O" MBSTRING_UTF8 company -1 -1 0)
          (X509_NAME_add_entry_by_txt x509-name
                                      "CN" MBSTRING_UTF8 first-host -1 -1 0)
+          (when (not (eq? ou #f))
+            (X509_NAME_add_entry_by_txt x509-name
+                                        "OU" MBSTRING_UTF8 ou -1 -1 0))
          (X509_set_issuer_name x509 x509-name)

          (when gen-san
@@ -277,7 +280,7 @@

              )
            )
-          
+          )

        (when (= (X509_sign x509 pkey (EVP_sha1)) 0)
          (X509_free x509)
@@ -286,9 +289,9 @@
        x509)))
          
   (generate-self-signed-cert*
-    (λ (bits duration-in-days hosts country company)
+    (λ (bits duration-in-days hosts country company ou)
      (let* ((pkey (generate-key bits))
-             (x509 (generate-x509 pkey duration-in-days country company hosts))
+             (x509 (generate-x509 pkey duration-in-days country company hosts ou))
             (pkey-data #f)
             (x509-data #f)
             )
@@ -320,13 +323,16 @@
    )
   )

-(c:define/contract (generate-self-signed-cert bits duration-in-days hosts country company)
-  (c:-> integer? integer? (c:or/c is-ip? is-dns? list-of-hosts?) string? string?
-        self-signed-cert?)
+(c:define/contract (generate-self-signed-cert bits duration-in-days
+                                              hosts
+                                              country company #:ou [ou #f])
+  (c:->* (integer? integer? (c:or/c is-ip? is-dns? list-of-hosts?) string? string?)
+         (#:ou string?)
+         self-signed-cert?)
  (if (eq? generate-self-signed-cert* #f)
      (error "No openssl FFI glue code available")
      (let ((h (if (list-of-hosts? hosts) hosts (list hosts))))
-        (generate-self-signed-cert* bits duration-in-days h country company)
+        (generate-self-signed-cert* bits duration-in-days h country company ou)
        )
      )
  )