X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=prosodyctl;h=d341a75bbabb7a5e131626e80f6628df85ff74b0;hb=df2dc10edd007675428a94e6894a55d5a00bea6a;hp=06590d1cca64fa2cb946cb04675b5c2855d0f677;hpb=a250fef0d85ce72abc910f7ccf53e2830358990f;p=prosody.git

diff --git a/prosodyctl b/prosodyctl
index 06590d1c..d341a75b 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -662,21 +662,34 @@ function cert_commands.config(arg)
 		conf:from_prosody(hosts, config, arg);
 		show_message("Please provide details to include in the certificate config file.");
 		show_message("Leave the field empty to use the default value or '.' to exclude the field.")
-		for k, v in pairs(conf.distinguished_name) do
-			local nv;
-			if k == "commonName" then 
-				v = arg[1]
-			elseif k == "emailAddress" then
-				v = "xmpp@" .. arg[1];
-			end
-			nv = show_prompt(("%s (%s):"):format(k, nv or v));
-			nv = (not nv or nv == "") and v or nv;
-			if nv:find"[\192-\252][\128-\191]+" then
-				conf.req.string_mask = "utf8only"
+		for i, k in ipairs(openssl._DN_order) do
+			local v = conf.distinguished_name[k];
+			if v then
+				local nv;
+				if k == "commonName" then
+					v = arg[1]
+				elseif k == "emailAddress" then
+					v = "xmpp@" .. arg[1];
+				elseif k == "countryName" then
+					local tld = arg[1]:match"%.([a-z]+)$";
+					if tld and #tld == 2 and tld ~= "uk" then
+						v = tld:upper();
+					end
+				end
+				nv = show_prompt(("%s (%s):"):format(k, nv or v));
+				nv = (not nv or nv == "") and v or nv;
+				if nv:find"[\192-\252][\128-\191]+" then
+					conf.req.string_mask = "utf8only"
+				end
+				conf.distinguished_name[k] = nv ~= "." and nv or nil;
 			end
-			conf.distinguished_name[k] = nv ~= "." and nv or nil;
 		end
-		local conf_file = io.open(conf_filename, "w");
+		local conf_file, err = io.open(conf_filename, "w");
+		if not conf_file then
+			show_warning("Could not open OpenSSL config file for writing");
+			show_warning(err);
+			os.exit(1);
+		end
 		conf_file:write(conf:serialize());
 		conf_file:close();
 		print("");