ovs-pki: Allow generating certificates with duplicate subjects.

Without this setting, the certificate authorities that ovs-pki creates will
not allow two switches or two controllers to have the same name.  This
causes problem in testing, since it's often convenient to test with short,
common names like "tmp".

(If you need to fix a PKI that you already created, in addition to
modifying ca.cnf you will need to make the same change to index.txt.attr.)

CC: Pierre Ettori <pettori@nicira.com>

diff --git a/utilities/ovs-pki.in b/utilities/ovs-pki.in
index ea959fdd8176c2540fdaa1bc6017cd31cacb6659..5c8c4bb2e742ac6ff0ab168811e7103fa18d1326 100755 (executable)
--- a/utilities/ovs-pki.in
+++ b/utilities/ovs-pki.in
@@ -249,6 +249,7 @@ email_in_dn    = no                    # Don't add the email into cert DN
 name_opt       = ca_default            # Subject name display option
 cert_opt       = ca_default            # Certificate display option
 copy_extensions = none                 # Don't copy extensions from request
+unique_subject = no                    # Allow certs with duplicate subjects
 
 # For the CA policy
 [ policy ]