Diffstat (limited to 'source4/lib/tls/tlscert.c')
-rw-r--r--source4/lib/tls/tlscert.c21
1 files changed, 13 insertions, 8 deletions
diff --git a/source4/lib/tls/tlscert.c b/source4/lib/tls/tlscert.c
index f2e79f2a89..62e7a72240 100644
--- a/source4/lib/tls/tlscert.c
+++ b/source4/lib/tls/tlscert.c
@@ -24,21 +24,20 @@
#if ENABLE_GNUTLS
#include "gnutls/gnutls.h"
#include "gnutls/x509.h"
+#if HAVE_GCRYPT_H
+#include <gcrypt.h>
+#endif
#define ORGANISATION_NAME "Samba Administration"
#define UNIT_NAME "Samba - temporary autogenerated certificate"
-#define COMMON_NAME "Samba"
#define LIFETIME 700*24*60*60
#define DH_BITS 1024
-void tls_cert_generate(TALLOC_CTX *mem_ctx,
- const char *keyfile, const char *certfile,
- const char *cafile);
-
/*
auto-generate a set of self signed certificates
*/
void tls_cert_generate(TALLOC_CTX *mem_ctx,
+ const char *hostname,
const char *keyfile, const char *certfile,
const char *cafile)
{
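Review bot: The header guard added here is spelled `#if HAVE_GCRYPT_H` while the call site in the second hunk uses `#ifdef HAVE_GCRYPT_H`; if the build ever defines the macro as empty the `#if` is a preprocessor error, and if it defines it to 0 the header is skipped while `gcry_control()` is still compiled, so both guards should use the same form, e.g. `#ifdef HAVE_GCRYPT_H` on the include as well. The forward declaration of `tls_cert_generate` is dropped and the signature gains `hostname`; presumably a header now declares the new four-argument form, but every existing caller needs updating and none are visible here. The function body continues past the end of this hunk.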
@@ -67,8 +66,14 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
TLSCHECK(gnutls_global_init());
- DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https\n"));
+ DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https for hostname '%s'\n",
+ hostname));
+#ifdef HAVE_GCRYPT_H
+ DEBUG(3,("Enabling QUICK mode in gcrypt\n"));
+ gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+#endif
+
DEBUG(3,("Generating private key\n"));
TLSCHECK(gnutls_x509_privkey_init(&key));
TLSCHECK(gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, DH_BITS, 0));
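Review bot: `gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0)` is issued immediately before `gnutls_x509_privkey_generate()` creates the RSA private key, so the lower-quality random pool is what feeds a key that is written to `keyfile` and, per `LIFETIME`, used for roughly 700 days of real TLS; that is a persistent weakening, not a speed-up confined to tests, and I would drop the call or gate it behind an explicit opt-in with a comment such as `/* quick random: reduces key entropy; only for throwaway/test deployments */`. Separately, `hostname` is passed to `%s` here and to `strlen(hostname)` in the later hunks with no NULL check; a guard at the top of the function, `if (hostname == NULL) { DEBUG(0,("tls_cert_generate: hostname is NULL\n")); return; }`, would avoid undefined behaviour if a caller has not been converted to the new signature. The enclosing function starts and ends outside this hunk.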
@@ -87,7 +92,7 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
UNIT_NAME, strlen(UNIT_NAME)));
TLSCHECK(gnutls_x509_crt_set_dn_by_oid(cacrt,
GNUTLS_OID_X520_COMMON_NAME, 0,
- COMMON_NAME, strlen(COMMON_NAME)));
+ hostname, strlen(hostname)));
TLSCHECK(gnutls_x509_crt_set_key(cacrt, cakey));
TLSCHECK(gnutls_x509_crt_set_serial(cacrt, &serial, sizeof(serial)));
TLSCHECK(gnutls_x509_crt_set_activation_time(cacrt, activation));
@@ -113,7 +118,7 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
UNIT_NAME, strlen(UNIT_NAME)));
TLSCHECK(gnutls_x509_crt_set_dn_by_oid(crt,
GNUTLS_OID_X520_COMMON_NAME, 0,
- COMMON_NAME, strlen(COMMON_NAME)));
+ hostname, strlen(hostname)));
TLSCHECK(gnutls_x509_crt_set_key(crt, key));
TLSCHECK(gnutls_x509_crt_set_serial(crt, &serial, sizeof(serial)));
TLSCHECK(gnutls_x509_crt_set_activation_time(crt, activation));
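Review bot: Putting `hostname` only in the CN of the server certificate is not enough for clients that verify the peer name against subjectAltName, which is where most TLS stacks look first, so the server cert should also carry a dNSName entry: `TLSCHECK(gnutls_x509_crt_set_subject_alternative_name(crt, GNUTLS_SAN_DNSNAME, hostname));`. Note also that the CA certificate in the previous hunk receives the same CN, organisation and unit as this leaf certificate, so issuer and subject DNs are identical; that was already the case with the old `COMMON_NAME` constant, but a distinct CA CN (e.g. appending " CA") would make chain building and debugging less ambiguous. The enclosing function continues past the end of this hunk.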