From 91557c39e5af5529a2fcda5de3c009491a13e54f Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Mon, 8 Mar 2021 16:21:21 -0700
Subject: [PATCH] drops uniqueness requirement (#236)

---
 agent/src/Lib/Synchronizers.hs | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/agent/src/Lib/Synchronizers.hs b/agent/src/Lib/Synchronizers.hs
index bf8b7afd1..d6d4769de 100644
--- a/agent/src/Lib/Synchronizers.hs
+++ b/agent/src/Lib/Synchronizers.hs
@@ -125,6 +125,7 @@ sync_0_2_9 = Synchronizer
     , syncConvertEcdsaCerts
     , syncRestarterService
     , syncInstallEject
+    , syncDropCertificateUniqueness
     ]
 
 syncCreateAgentTmp :: SyncOp
@@ -595,6 +596,20 @@ syncUpgradeTor = SyncOp "Install Tor 0.3.5.12-1" check migrate False
             shell "apt-get update"
             shell "apt-get install -y tor=0.3.5.12-1"
 
+syncDropCertificateUniqueness :: SyncOp
+syncDropCertificateUniqueness = SyncOp "Eliminate OpenSSL unique_subject=yes" check migrate False
+    where
+        uni   = "unique_subject = no\n"
+        check = do
+            base         <- asks $ appFilesystemBase . appSettings
+            contentsRoot <- liftIO . BS.readFile . toS $ (rootCaDirectory <> "index.txt.attr") `relativeTo` base
+            contentsInt  <- liftIO . BS.readFile . toS $ (intermediateCaDirectory <> "index.txt.attr") `relativeTo` base
+            pure $ uni /= contentsRoot || uni /= contentsInt
+        migrate = do
+            base <- asks $ appFilesystemBase . appSettings
+            liftIO $ BS.writeFile (toS $ (rootCaDirectory <> "index.txt.attr") `relativeTo` base) uni
+            liftIO $ BS.writeFile (toS $ (intermediateCaDirectory <> "index.txt.attr") `relativeTo` base) uni
+
 failUpdate :: S9Error -> ExceptT Void (ReaderT AgentCtx IO) ()
 failUpdate e = do
     ref <- asks appIsUpdateFailed