backwards compat only when SANS empty

max furman 2019-02-04 20:02:56 -08:00
parent ab78534b08
commit 93f39c64a0


@ -120,12 +120,12 @@ func (a *Authority) Authorize(ott string) ([]interface{}, error) {
http.StatusUnauthorized, errContext} http.StatusUnauthorized, errContext}
} }
// `step ca token` should generate tokens where the subject is also in the // NOTE: This is for backwards compatibility with older versions of cli
// sans. It should not be necessary to add to SANS if both certificates and // and certificates. Older versions added the token subject as the only SAN
// cli are up to date. However, for backwards compatibility we will add // in a CSR by default.
// the subject to the SANS if it is missing. if len(claims.SANS) == 0 {
claims.SANS = appendIfMissingString(claims.SANS, claims.Subject) claims.SANS = []string{claims.Subject}
}
dnsNames, ips := SplitSANS(claims.SANS) dnsNames, ips := SplitSANS(claims.SANS)
if err != nil { if err != nil {
return nil, err return nil, err
@ -170,15 +170,6 @@ func SplitSANS(sans []string) (dnsNames []string, ips []net.IP) {
return return
} }
func appendIfMissingString(slice []string, s string) []string {
for _, e := range slice {
if e == s {
return slice
}
}
return append(slice, s)
}
// authorizeRenewal tries to locate the step provisioner extension, and checks // authorizeRenewal tries to locate the step provisioner extension, and checks
// if for the configured provisioner, the renewal is enabled or not. If the // if for the configured provisioner, the renewal is enabled or not. If the
// extra extension cannot be found, authorize the renewal by default. // extra extension cannot be found, authorize the renewal by default.
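Review bot: The new fallback `if len(claims.SANS) == 0 { claims.SANS = []string{claims.Subject} }` in Authorize copies the token subject into the SAN list without checking that it is non-empty, so a token carrying neither SANs nor a subject would authorize `[]string{""}` unless the subject is validated above this hunk, which is not visible here. Rejecting that case before the fallback, or guarding it with `if len(claims.SANS) == 0 && claims.Subject != "" {`, would keep an empty name out of `SplitSANS`. The NOTE comment could also state the other half of the change: when the token does list SANs, the subject is no longer implicitly authorized as a SAN, so issuers that relied on the old append must now include it explicitly. Separately, the unchanged `if err != nil` right after `SplitSANS` appears to test an earlier `err`, since the signature shown in the second hunk header returns no error; Authorize's body starts and ends outside the hunk, so this may be intentional.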