Properly fill CSR DNSNames or IPAddresses

2018-10-24 19:49:16 -07:00 · 2018-10-24 19:49:16 -07:00 · d7c31c3133
commit d7c31c3133
parent 1c1ac1b3fb
1 changed files with 8 additions and 1 deletions
--- a/ca/client.go
+++ b/ca/client.go
@ -15,6 +15,7 @@ import (
 	"encoding/pem"
 	"io"
 	"io/ioutil"
+	"net"
 	"net/http"
 	"net/url"
 	"strings"
@ -353,8 +354,14 @@ func CreateSignRequest(ott string) (*api.SignRequest, crypto.PrivateKey, error)
 			CommonName: claims.Subject,
 		},
 		SignatureAlgorithm: x509.ECDSAWithSHA256,
-		DNSNames:           []string{claims.Subject},
 	}
+
+	if ip := net.ParseIP(claims.Subject); ip != nil {
+		template.IPAddresses = append(template.IPAddresses, ip)
+	} else {
+		template.DNSNames = append(template.DNSNames, claims.Subject)
+	}
+
 	csr, err := x509.CreateCertificateRequest(rand.Reader, template, pk)
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "error creating certificate request")