From 577c8c884946f5d5802845850c8146b8e1a40956 Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Mon, 11 Aug 2025 15:47:42 +0200
Subject: [PATCH] ocserv: add emailAddress to user certificates

Set to the same value as CN.
---
 playbooks/ocserv-create-user-cert.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/playbooks/ocserv-create-user-cert.yml b/playbooks/ocserv-create-user-cert.yml
index 99c44d3..eecaa23 100644
--- a/playbooks/ocserv-create-user-cert.yml
+++ b/playbooks/ocserv-create-user-cert.yml
@@ -1,6 +1,6 @@
 # Create key and certificate files for a ocserv client. Run with:
 #
-# ansible-playbook playbooks/ocserv-create-user-cert.yml -euser= -egroup= [-edays=]
+# ansible-playbook playbooks/ocserv-create-user-cert.yml -email= -egroup= [-edays=]
 #
 # Default certificate lifetime is 365 days.
@@ -9,14 +9,14 @@
 tasks:
 - name: Set certificate filename
 set_fact:
- filename: "{{ inventory_hostname }}-{{ user }}-{{ now(utc=true, fmt='%s.%f') }}"
+ filename: "{{ inventory_hostname }}-{{ mail }}-{{ now(utc=true, fmt='%s.%f') }}"
 - name: Create client key and signing request
 delegate_to: localhost
 shell:
 cmd: |
 openssl genpkey -algorithm rsa -out {{ filename }}.key
- openssl req -new -subj /O=fri/OU={{ group }}/CN={{ mail }} -key {{ filename }}.key -out {{ filename }}.csr
+ openssl req -new -subj "/O=fri/OU={{ group }}/CN={{ mail }}/emailAddress={{ mail }}/" -key {{ filename }}.key -out {{ filename }}.csr
 chdir: "{{ inventory_dir }}"
 # create certificate and store a copy on the server
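Review bot: In the `openssl req` line of the second hunk, `{{ mail }}` and `{{ group }}` are templated straight into a `shell` command and into the `-subj` string, and `mail` also ends up in `filename`, which is used unquoted as a path. The added double quotes only protect against spaces: a value containing `"`, `$` or a backtick is still interpreted by the shell, and a `/` inside either value starts a new subject field, so the OU or CN in the signed request can differ from what the operator intended. I would validate both variables before this task, for example an `assert` with `that: mail is match('^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+$')` and a similar pattern for `group`, and pass the paths as `{{ (filename ~ '.key') | quote }}`. The lines above `tasks:` and the tasks after this one are outside the hunk, so an existing check there cannot be ruled out.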