From 5ceed802cc5ce670bbf9ab8028c7fe2ba97bef0a Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Thu, 21 Dec 2017 21:14:48 -0500
Subject: [PATCH] samples: pass --subject to swtpm_cert since certtool needs a
 subject

Certtool seems to not verify a certificate chain properly unless
the certificate has a distinguished name.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
 samples/swtpm-localca | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/samples/swtpm-localca b/samples/swtpm-localca
index 5aa75c3..236cf30 100755
--- a/samples/swtpm-localca
+++ b/samples/swtpm-localca
@@ -142,6 +142,12 @@ create_cert() {
 		options=$(cat ${LOCALCA_OPTIONS})
 	fi
 
+	if [ -n "$vmid" ]; then
+		options="$options --subject \"CN=$vmid\""
+	else
+		options="$options --subject \"CN=unknown\""
+	fi
+
 	case "$typ" in
 	ek)
 		if [ -z "$(type -p swtpm_cert)" ]; then