From 846b2654300510f29805b146054685682d0c48f1 Mon Sep 17 00:00:00 2001
From: Jakob Borg <jakob@kastelo.net>
Date: Mon, 9 Nov 2020 17:02:56 +0100
Subject: [PATCH] lib/tlsutil: Add O and OU to generated certificates (fixes
 #7108) (#7109)

---
 lib/tlsutil/tlsutil.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/tlsutil/tlsutil.go b/lib/tlsutil/tlsutil.go
index f65c35c75..e84882f47 100644
--- a/lib/tlsutil/tlsutil.go
+++ b/lib/tlsutil/tlsutil.go
@@ -99,12 +99,15 @@ func NewCertificate(certFile, keyFile, commonName string, lifetimeDays int) (tls
 	notBefore := time.Now().Truncate(24 * time.Hour)
 	notAfter := notBefore.Add(time.Duration(lifetimeDays*24) * time.Hour)
 
-	// NOTE: update checkExpiry() appropriately if you add or change attributes
-	// in here, especially DNSNames or IPAddresses.
+	// NOTE: update lib/api.shouldRegenerateCertificate() appropriately if
+	// you add or change attributes in here, especially DNSNames or
+	// IPAddresses.
 	template := x509.Certificate{
 		SerialNumber: new(big.Int).SetUint64(rand.Uint64()),
 		Subject: pkix.Name{
-			CommonName: commonName,
+			CommonName:         commonName,
+			Organization:       []string{"Syncthing"},
+			OrganizationalUnit: []string{"Automatically Generated"},
 		},
 		DNSNames:              []string{commonName},
 		NotBefore:             notBefore,