Package: ssl-cert Version: 1.0.35 Severity: wishlist The make-ssl-cert(8) utility has a bunch of things it can get from debconf:
make-ssl-cert/vulnerable_prng: make-ssl-cert/altname: make-ssl-cert/hostname: make-ssl-cert/title: These are used in the ask_via_debconf() function. So it's possible it EITHER: * put a SAN in the certificate, OR * easily generate a 'snakeoil' cert that all/most Debian packages are pre-configured to use Perhaps a "make-ssl-cert/always-debconf" could be added, and then test for its value: if true then call ask_via_debconf(), otherwise use make_snakeoil() like now. -- System Information: Debian Release: 8.5 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ssl-cert depends on: ii adduser 3.113+nmu3 ii debconf [debconf-2.0] 1.5.56 ii openssl 1.0.1t-1+deb8u2 ssl-cert recommends no packages. Versions of packages ssl-cert suggests: pn openssl-blacklist <none> -- debconf information excluded
