Index: ca/etc/extensions.conf
--- ca/etc/extensions.conf.orig	2007-03-10 23:28:34 +0100
+++ ca/etc/extensions.conf	2007-08-04 18:00:31 +0200
@@ -47,7 +47,18 @@
 crlDistributionPoints   = URI:http://ca.example.com/crl-v2.crl
 certificatePolicies     = ia5org,@certpolicy
 issuerAltName		= email:ca@example.com,URI:http://ca.example.com
-subjectAltName          = @altnames 
+%ifdef EMAIL
+subjectAltName          = @altnames
+%endif
+%ifdef URI
+subjectAltName          = @altnames
+%endif
+%ifdef DNS
+subjectAltName          = @altnames
+%endif
+%ifdef IP
+subjectAltName          = @altnames
+%endif
 
 [ altnames ]
 
@@ -67,11 +78,10 @@
 [certpolicy]
 
 policyIdentifier	= 1.1.1.1.1
-## Map this to a real document in your webserver configuration
 CPS.1			= http://ca.example.com/CPS
 userNotice.1		= @notice
 
 [notice]
 
-explicitText="Limited Liability, see http://ca.example.com/CP"
+explicitText            = "Limited Liability, see http://ca.example.com/CP"
 
Index: csp
--- csp.orig	2007-03-10 23:28:34 +0100
+++ csp	2007-08-04 18:00:06 +0200
@@ -1,9 +1,14 @@
-#!/usr/bin/perl
+#!@l_prefix@/bin/perl
 
-use lib './blib/lib';
+use lib '@l_prefix@/libexec/csp';
 
 use CSP;
 use Getopt::Long;
+use Cwd;
+
+$ENV{CSPHOME} = getcwd()                 if (not defined($ENV{CSPHOME}) and -d "./csp");
+$ENV{CSPHOME} = '@l_prefix@/var/csp/ca'  if (not defined($ENV{CSPHOME}));
+$ENV{OPENSSL} = '@l_prefix@/bin/openssl' if (not defined($ENV{OPENSSL}));
 
 sub list_csp
   {
@@ -175,6 +180,9 @@
 
 my $home = $ENV{CSPHOME} || 'ca';
 
+die "Panic: Cannot write to \$CSPHOME \"$home\""
+  unless -w $home;
+
 mkdir "$home/csp",00755 unless -d "$home/csp";
 
 $name eq '--list' and