Description of problem:
The 'certtool' man page indicates that it supports a 'uri' field in config files for creating certs:

[quote]
# A subject alternative name URI
#uri = "http://www.example.com"
[/quote]

Attempting to use this, e.g.

# cat > server.info <<EOF
organization = ACME
cn = localhost
uri = "https://localhost"
uri = "https://localhost4"
uri = "https://localhost6"
uri = "https://localhost.localdomain"
uri = "https://localhost4.localdomain4"
uri = "https://localhost6.localdomain6"
ip_address = 127.0.0.1
ip_address = ::1
tls_www_server
encryption_key
signing_key
EOF

and it generates a warning from certtool that it's ignoring 'uri'

$ certtool --generate-certificate --load-privkey server-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template server.info 2>&1 | grep Warn
Warning: skipping unknown option 'uri'
Warning: skipping unknown option 'uri'
Warning: skipping unknown option 'uri'
Warning: skipping unknown option 'uri'
Warning: skipping unknown option 'uri'
Warning: skipping unknown option 'uri'

Version-Release number of selected component (if applicable):
gnutls-3.5.8-2.fc25.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Run certtool to create a certificate against a config file containing a 'uri' key
Thanks. That seems, however, like a misleading warning, and the certificate already contains the expected data, right? https://gitlab.com/gnutls/gnutls/commit/e6badc35efdc6078ca30edb0ee5e059f8da7a305
Oh, I just saw the warning and assumed it was truthful, so didn't check the resulting cert :-) Now I look more closely, I see that the cert *does* contain URI data!
Should be addressed in 3.5.10.
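
The thread turns on whether the certificate really carries the URI entries despite the warning. The following added example (not part of the original report or of GnuTLS) checks that directly by comparing a template's `uri` lines with the text printed by `certtool --certificate-info`. The function names, the constructed sample data, and the assumption that each URI appears on a line of the form `URI: <value>` belong to this example.

```shell
#!/bin/sh
# Added example: compare the uri entries of a certtool template with the
# SAN URIs in the text printed by `certtool --certificate-info`.

# Print the value of every active (uncommented) `uri = ...` template line.
template_uris() {
    sed -n 's/^[[:space:]]*uri[[:space:]]*=[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1"
}

# Read certificate-info text on stdin and print each "URI: ..." value.
cert_uris() {
    sed -n 's/^[[:space:]]*URI:[[:space:]]*//p'
}

# missing_uris TEMPLATE INFO_TEXT: print template URIs absent from the
# certificate text; return 0 if none are missing, 1 otherwise.
missing_uris() {
    have=$(cert_uris < "$2")
    missing=$(template_uris "$1" | while IFS= read -r u; do
        printf '%s\n' "$have" | grep -Fxq -- "$u" || printf '%s\n' "$u"
    done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample data (not output captured from the report).
demo_dir=$(mktemp -d)
cat > "$demo_dir/server.info" <<'EOF'
cn = localhost
#uri = "http://www.example.com"
uri = "https://localhost"
uri = "https://localhost.localdomain"
EOF
cat > "$demo_dir/cert.txt" <<'EOF'
		Subject Alternative Name (not critical):
			URI: https://localhost
			URI: https://localhost.localdomain
			IPAddress: 127.0.0.1
EOF
# Real use (server-cert.pem is an assumed file name):
#   certtool --certificate-info --infile server-cert.pem > cert.txt
if missing_uris "$demo_dir/server.info" "$demo_dir/cert.txt"; then
    echo "all template URIs are present in the certificate"
fi
```

A non-zero exit status with URIs printed means the template asked for entries that the certificate does not contain, regardless of what warnings appeared during generation.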