* certreqgen.c (create_request): Store the email address in the req.

Note, that I have not yet achieved to generate a cert with the
subjectAltName using OpenSSL.  It seems that openssl requires the
email address to be part of the subject DN (subjectAltName=email:copy)
but this is something we don't want to do.

1 files changed, 27 insertions, 1 deletions

diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index a65f3bbf7..7b3a3a513 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -494,6 +494,7 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
   GCRY_MD_HD md;
   KsbaStopReason stopreason;
   int rc = 0;
+  const char *s;
 
   cr = ksba_certreq_new ();
   if (!cr)
@@ -512,7 +513,7 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
   ksba_certreq_set_hash_function (cr, HASH_FNC, md);
   ksba_certreq_set_writer (cr, outctrl->writer);
   
-  err = ksba_certreq_set_subject (cr, get_parameter_value (para, pNAMEDN));
+  err = ksba_certreq_add_subject (cr, get_parameter_value (para, pNAMEDN));
   if (err)
     {
       log_error ("error setting the subject's name: %s\n",
@@ -521,6 +522,31 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
       goto leave;
     }
 
+  s = get_parameter_value (para, pNAMEEMAIL);
+  if (s)
+    {
+      char *buf = xtrymalloc (strlen (s) + 3);
+
+      if (!buf)
+        {
+          rc = GNUPG_Out_Of_Core;
+          goto leave;
+        }
+      *buf = '<';
+      strcpy (buf+1, s);
+      strcat (buf+1, ">");
+      err = ksba_certreq_add_subject (cr, buf);
+      xfree (buf);
+      if (err)
+        {
+          log_error ("error setting the subject's alternate name: %s\n",
+                     ksba_strerror (err));
+          rc = map_ksba_err (err);
+          goto leave;
+        }
+    }
+
+
   err = ksba_certreq_set_public_key (cr, public);
   if (err)
     {