forked from TrueCloudLab/certificates
backwards compat only when SANS empty
This commit is contained in:
max furman
parent
ab78534b08
commit
93f39c64a0
1 changed files with 6 additions and 15 deletions
|
|
@ -120,12 +120,12 @@ func (a *Authority) Authorize(ott string) ([]interface{}, error) {
|
|||
http.StatusUnauthorized, errContext}
|
||||
}
|
||||
|
||||
// `step ca token` should generate tokens where the subject is also in the
|
||||
// sans. It should not be necessary to add to SANS if both certificates and
|
||||
// cli are up to date. However, for backwards compatibility we will add
|
||||
// the subject to the SANS if it is missing.
|
||||
claims.SANS = appendIfMissingString(claims.SANS, claims.Subject)
|
||||
|
||||
// NOTE: This is for backwards compatibility with older versions of cli
|
||||
// and certificates. Older versions added the token subject as the only SAN
|
||||
// in a CSR by default.
|
||||
if len(claims.SANS) == 0 {
|
||||
claims.SANS = []string{claims.Subject}
|
||||
}
|
||||
dnsNames, ips := SplitSANS(claims.SANS)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
@ -170,15 +170,6 @@ func SplitSANS(sans []string) (dnsNames []string, ips []net.IP) {
|
|||
return
|
||||
}
|
||||
|
||||
func appendIfMissingString(slice []string, s string) []string {
|
||||
for _, e := range slice {
|
||||
if e == s {
|
||||
return slice
|
||||
}
|
||||
}
|
||||
return append(slice, s)
|
||||
}
|
||||
|
||||
// authorizeRenewal tries to locate the step provisioner extension, and checks
|
||||
// if for the configured provisioner, the renewal is enabled or not. If the
|
||||
// extra extension cannot be found, authorize the renewal by default.
|
||||
|
|
|
|||
Loading…
Reference in a new issue