Properly fill CSR DNSNames or IPAddresses

This commit is contained in:
Mariano Cano 2018-10-24 19:49:16 -07:00
parent 1c1ac1b3fb
commit d7c31c3133

View file

@ -15,6 +15,7 @@ import (
"encoding/pem"
"io"
"io/ioutil"
"net"
"net/http"
"net/url"
"strings"
@ -353,8 +354,14 @@ func CreateSignRequest(ott string) (*api.SignRequest, crypto.PrivateKey, error)
CommonName: claims.Subject,
},
SignatureAlgorithm: x509.ECDSAWithSHA256,
DNSNames: []string{claims.Subject},
}
if ip := net.ParseIP(claims.Subject); ip != nil {
template.IPAddresses = append(template.IPAddresses, ip)
} else {
template.DNSNames = append(template.DNSNames, claims.Subject)
}
csr, err := x509.CreateCertificateRequest(rand.Reader, template, pk)
if err != nil {
return nil, nil, errors.Wrap(err, "error creating certificate request")