From: Florian Obser Subject: Re: [stu@spacehopper.org: Re: acme-client(1): add support for let's encrypt iPAddress certificates] To: tech@openbsd.org Date: Sat, 21 Feb 2026 14:40:01 +0100 On 2026-02-20 14:20 UTC, Stuart Henderson wrote: > just updated the machine where I'm running acme-client, which reminded > me that I still have this diff.. any interest? I'm reviewing the diff and trying it out. Could you please commit the removal of CN, it's kinda unrelated and a bit in the way for me to understand what's going on. I've GC'ed "name" which is now unusued. This is OK florian diff --git keyproc.c keyproc.c index a3b6666c279..977bb3224ec 100644 --- keyproc.c +++ keyproc.c @@ -84,7 +84,6 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz, void *pp; EVP_PKEY *pkey = NULL; X509_REQ *x = NULL; - X509_NAME *name = NULL; int len, rc = 0, cc, nid, newkey = 0; mode_t prev; STACK_OF(X509_EXTENSION) *exts = NULL; @@ -155,20 +154,6 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz, goto out; } - /* Now specify the common name that we'll request. */ - - if ((name = X509_NAME_new()) == NULL) { - warnx("X509_NAME_new"); - goto out; - } else if (!X509_NAME_add_entry_by_txt(name, "CN", - MBSTRING_ASC, (u_char *)alts[0], -1, -1, 0)) { - warnx("X509_NAME_add_entry_by_txt: CN=%s", alts[0]); - goto out; - } else if (!X509_REQ_set_subject_name(x, name)) { - warnx("X509_req_set_issuer_name"); - goto out; - } - /* * Now add the SAN extensions. * This was lifted more or less directly from demos/x509/mkreq.c @@ -267,7 +252,6 @@ out: free(sans); free(san); X509_REQ_free(x); - X509_NAME_free(name); EVP_PKEY_free(pkey); ERR_print_errors_fp(stderr); ERR_free_strings(); -- In my defence, I have been left unsupervised.