diff --git a/private/self-signed-cert.rkt b/private/self-signed-cert.rkt index 3077f5e..70ca1d8 100644 --- a/private/self-signed-cert.rkt +++ b/private/self-signed-cert.rkt @@ -241,7 +241,7 @@ pkey)))) (generate-x509 - (λ (pkey duration-in-days country company hosts) + (λ (pkey duration-in-days country company hosts ou) (let ((x509 (X509_new))) (when (eq? x509 #f) (error "Unable to create X509 structure")) @@ -260,6 +260,9 @@ "O" MBSTRING_UTF8 company -1 -1 0) (X509_NAME_add_entry_by_txt x509-name "CN" MBSTRING_UTF8 first-host -1 -1 0) + (when (not (eq? ou #f)) + (X509_NAME_add_entry_by_txt x509-name + "OU" MBSTRING_UTF8 ou -1 -1 0)) (X509_set_issuer_name x509 x509-name) (when gen-san @@ -277,7 +280,7 @@ ) ) - + ) (when (= (X509_sign x509 pkey (EVP_sha1)) 0) (X509_free x509) @@ -286,9 +289,9 @@ x509))) (generate-self-signed-cert* - (λ (bits duration-in-days hosts country company) + (λ (bits duration-in-days hosts country company ou) (let* ((pkey (generate-key bits)) - (x509 (generate-x509 pkey duration-in-days country company hosts)) + (x509 (generate-x509 pkey duration-in-days country company hosts ou)) (pkey-data #f) (x509-data #f) ) @@ -320,13 +323,16 @@ ) ) -(c:define/contract (generate-self-signed-cert bits duration-in-days hosts country company) - (c:-> integer? integer? (c:or/c is-ip? is-dns? list-of-hosts?) string? string? - self-signed-cert?) +(c:define/contract (generate-self-signed-cert bits duration-in-days + hosts + country company #:ou [ou #f]) + (c:->* (integer? integer? (c:or/c is-ip? is-dns? list-of-hosts?) string? string?) + (#:ou string?) + self-signed-cert?) (if (eq? generate-self-signed-cert* #f) (error "No openssl FFI glue code available") (let ((h (if (list-of-hosts? hosts) hosts (list hosts)))) - (generate-self-signed-cert* bits duration-in-days h country company) + (generate-self-signed-cert* bits duration-in-days h country company ou) ) ) )
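Review bot: The result of the new `X509_NAME_add_entry_by_txt` call for "OU" (second hunk, inside `generate-x509`) is discarded, so if OpenSSL rejects the value the certificate is still signed and returned without the OU the caller asked for. OpenSSL enforces length bounds on this attribute, so an empty or over-long organizational unit is a realistic way to hit that path, and anything that later matches on OU would see a certificate that silently lacks it. Assuming the FFI binding returns OpenSSL's int result, treat zero like the `X509_new` and `X509_sign` failures this function already handles, e.g. `(when (and ou (= (X509_NAME_add_entry_by_txt x509-name "OU" MBSTRING_UTF8 ou -1 -1 0) 0)) (X509_free x509) (error "Unable to add OU to X509 name"))`. The function starts and ends outside the hunk, so whether the "O" and "CN" entries are checked is not visible here. Separately, the `X509_sign` line visible in the next hunk of the same function still uses `(EVP_sha1)`; current TLS stacks commonly refuse SHA-1 signatures, so `(EVP_sha256)` is worth considering if the bindings expose it.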
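Review bot: The `#:ou` contract in the last hunk is `string?` while the default is `#f`, so a caller that forwards its own optional value cannot pass `#:ou #f` explicitly without a contract violation. Writing the optional part as `(#:ou (c:or/c #f string?))` keeps the default and the contract consistent. The contract also accepts the empty string and arbitrarily long strings, which the underlying OpenSSL name call is likely to refuse; a length-bounded predicate here would reject those at the API boundary instead of leaving it to the unchecked call in `generate-x509`. A one-line comment that OU is optional and omitted from the name when `#f` would document the new keyword.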