On 2026-02-20 14:20 UTC, Stuart Henderson <stu@spacehopper.org> wrote:
> just updated the machine where I'm running acme-client, which reminded
> me that I still have this diff.. any interest?

I'm reviewing the diff and trying it out.

Could you please commit the removal of CN, it's kinda unrelated and a
bit in the way for me to understand what's going on.

I've GC'ed "name" which is now unusued.
This is OK florian

diff --git keyproc.c keyproc.c
index a3b6666c279..977bb3224ec 100644
--- keyproc.c
+++ keyproc.c
@@ -84,7 +84,6 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
 	void		*pp;
 	EVP_PKEY	*pkey = NULL;
 	X509_REQ	*x = NULL;
-	X509_NAME	*name = NULL;
 	int		 len, rc = 0, cc, nid, newkey = 0;
 	mode_t		 prev;
 	STACK_OF(X509_EXTENSION) *exts = NULL;
@@ -155,20 +154,6 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
 		goto out;
 	}
 
-	/* Now specify the common name that we'll request. */
-
-	if ((name = X509_NAME_new()) == NULL) {
-		warnx("X509_NAME_new");
-		goto out;
-	} else if (!X509_NAME_add_entry_by_txt(name, "CN",
-		MBSTRING_ASC, (u_char *)alts[0], -1, -1, 0)) {
-		warnx("X509_NAME_add_entry_by_txt: CN=%s", alts[0]);
-		goto out;
-	} else if (!X509_REQ_set_subject_name(x, name)) {
-		warnx("X509_req_set_issuer_name");
-		goto out;
-	}
-
 	/*
 	 * Now add the SAN extensions.
 	 * This was lifted more or less directly from demos/x509/mkreq.c
@@ -267,7 +252,6 @@ out:
 	free(sans);
 	free(san);
 	X509_REQ_free(x);
-	X509_NAME_free(name);
 	EVP_PKEY_free(pkey);
 	ERR_print_errors_fp(stderr);
 	ERR_free_strings();


-- 
In my defence, I have been left unsupervised.