From 6c84f36f5d15e9df33c927f473e3a33d4c3bcfae Mon Sep 17 00:00:00 2001
From: Matt Bogosian
Date: Sun, 9 Aug 2015 19:10:50 -0700
Subject: [PATCH] Fix SvenDowideit/generate_cert#10.

Update `generate_cert` to 0.2 (to gain access to the `--org` command line option). Use `--org` command line option to ensure org for automatically-generated CA cert differs from org for automatically-generated client/server certs. Work-around for OpenSSL bug (see ).
---
 Dockerfile | 2 +-
 rootfs/rootfs/usr/local/etc/init.d/docker | 11 +++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c1a8e8576..01319ea68 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -139,7 +139,7 @@ RUN for dep in $TCZ_DEPS; do \
 done
 # get generate_cert
-RUN curl -L -o $ROOTFS/usr/local/bin/generate_cert https://github.com/SvenDowideit/generate_cert/releases/download/0.1/generate_cert-0.1-linux-386/ && \
+RUN curl -L -o $ROOTFS/usr/local/bin/generate_cert https://github.com/SvenDowideit/generate_cert/releases/download/0.2/generate_cert-0.2-linux-amd64 && \
 chmod +x $ROOTFS/usr/local/bin/generate_cert
 # Build VBox guest additions
diff --git a/rootfs/rootfs/usr/local/etc/init.d/docker b/rootfs/rootfs/usr/local/etc/init.d/docker
index 5d986336c..257f3610c 100644
--- a/rootfs/rootfs/usr/local/etc/init.d/docker
+++ b/rootfs/rootfs/usr/local/etc/init.d/docker
@@ -20,6 +20,9 @@ test -f '/var/lib/boot2docker/profile' && . '/var/lib/boot2docker/profile'
 : ${SERVERKEY:="${CERTDIR}serverkey.pem"}
 : ${CERT:="${CERTDIR}cert.pem"}
 : ${KEY:="${CERTDIR}key.pem"}
+: ${ORG:=Boot2Docker}
+: ${SERVERORG:="${ORG}"}
+: ${CAORG:="${ORG}CA"} # Append 'CA'; see
 # Add /usr/local/sbin to the path.
 export PATH=${PATH}:/usr/local/sbin
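Review bot: The new `curl -L -o ... generate_cert-0.2-linux-amd64` still runs without `-f`, so if the release URL ever 404s curl writes the error page into the file, the following `chmod +x` marks it executable and the build passes; the breakage only surfaces when the init script tries to run it. `curl -fL -o $ROOTFS/usr/local/bin/generate_cert ...` makes the layer fail at build time instead. Because this binary mints the CA and the daemon's server/client keys, the download is also worth pinning: `echo "<SHA256_OF_RELEASE_ASSET>  $ROOTFS/usr/local/bin/generate_cert" | sha256sum -c -` after the curl (placeholder; take the digest from the 0.2 release). The asset also switches from linux-386 to linux-amd64, which is presumably intended for this image but deserves a mention in the description.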
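Review bot: The property the fix depends on — `CAORG` differing from `SERVERORG`/`ORG` — lives only in these defaults, and all three are overridable from the profile sourced a few lines above the hunk, so a profile that sets `CAORG` to the same value as `ORG` silently reintroduces the problem. A comment on the `CAORG` line should state the invariant rather than the mechanics, e.g. `# Must differ from ORG/SERVERORG: identical CA and leaf org hits the OpenSSL bug tracked in generate_cert#10`; as shown, the trailing `see` references nothing, though that may be a transcription loss. For consistency with the neighbouring defaults (`"${CERTDIR}key.pem"`), quote the literal as well: `: ${ORG:="Boot2Docker"}`.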
@@ -41,21 +44,21 @@ start() {
 chmod 700 "$CERTDIR"
 if [ ! -f "$CACERT" ] || [ ! -f "$CAKEY" ]; then
 echo "Generating CA cert"
- /usr/local/bin/generate_cert --cert="$CACERT" --key="$CAKEY"
+ /usr/local/bin/generate_cert --cert="$CACERT" --key="$CAKEY" --org="$CAORG"
 rm "$SERVERCERT" "$SERVERKEY" "$CERT" "$KEY" "$CERTDIR/hostnames"
 fi
 CERTSEXISTFOR=$(cat "$CERTDIR/hostnames" 2>/dev/null)
 if [ "$CERTHOSTNAMES" != "$CERTSEXISTFOR" ]; then
 echo "Generate server cert"
- echo /usr/local/bin/generate_cert --host="$CERTHOSTNAMES" --ca="$CACERT" --ca-key="$CAKEY" --cert="$SERVERCERT" --key="$SERVERKEY"
- /usr/local/bin/generate_cert --host="$CERTHOSTNAMES" --ca="$CACERT" --ca-key="$CAKEY" --cert="$SERVERCERT" --key="$SERVERKEY"
+ echo /usr/local/bin/generate_cert --host="$CERTHOSTNAMES" --ca="$CACERT" --ca-key="$CAKEY" --cert="$SERVERCERT" --key="$SERVERKEY" --org="$SERVERORG"
+ /usr/local/bin/generate_cert --host="$CERTHOSTNAMES" --ca="$CACERT" --ca-key="$CAKEY" --cert="$SERVERCERT" --key="$SERVERKEY" --org="$SERVERORG"
 echo "$CERTHOSTNAMES" > "$CERTDIR/hostnames"
 fi
 if [ ! -f "$CERT" ] || [ ! -f "$KEY" ]; then
 echo "Generating client cert"
- /usr/local/bin/generate_cert --ca="$CACERT" --ca-key="$CAKEY" --cert="$CERT" --key="$KEY"
+ /usr/local/bin/generate_cert --ca="$CACERT" --ca-key="$CAKEY" --cert="$CERT" --key="$KEY" --org="$ORG"
 fi
 if [ "$DOCKER_TLS" == "auto" ]; then
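Review bot: The three new `generate_cert` invocations run unchecked, and in the server branch `echo "$CERTHOSTNAMES" > "$CERTDIR/hostnames"` is written whether or not the command succeeded, so a failed run (for instance an installed binary that does not know `--org`) is recorded as done and never retried on the next boot. Gating the marker on success preserves the retry: `/usr/local/bin/generate_cert --host="$CERTHOSTNAMES" --ca="$CACERT" --ca-key="$CAKEY" --cert="$SERVERCERT" --key="$SERVERKEY" --org="$SERVERORG" && echo "$CERTHOSTNAMES" > "$CERTDIR/hostnames"`. The CA and client branches would benefit from a matching `|| echo "generate_cert failed" >&2` so the log says why a cert is missing, given the daemon presumably goes on to start with TLS settings derived from these files. Keeping the `echo` copy of the server command in sync is now a two-line chore; logging the arguments once (or wrapping the call in `set -x`/`set +x`) avoids drift. start() begins before this hunk and continues after it.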