From d7c31c3133809c70f8df9d81daf9413720ecd249 Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano@smallstep.com>
Date: Wed, 24 Oct 2018 19:49:16 -0700
Subject: [PATCH] Properly fill CSR DNSNames or IPAddresses

---
 ca/client.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ca/client.go b/ca/client.go
index 38566781..a2451000 100644
--- a/ca/client.go
+++ b/ca/client.go
@@ -15,6 +15,7 @@ import (
 	"encoding/pem"
 	"io"
 	"io/ioutil"
+	"net"
 	"net/http"
 	"net/url"
 	"strings"
@@ -353,8 +354,14 @@ func CreateSignRequest(ott string) (*api.SignRequest, crypto.PrivateKey, error)
 			CommonName: claims.Subject,
 		},
 		SignatureAlgorithm: x509.ECDSAWithSHA256,
-		DNSNames:           []string{claims.Subject},
 	}
+
+	if ip := net.ParseIP(claims.Subject); ip != nil {
+		template.IPAddresses = append(template.IPAddresses, ip)
+	} else {
+		template.DNSNames = append(template.DNSNames, claims.Subject)
+	}
+
 	csr, err := x509.CreateCertificateRequest(rand.Reader, template, pk)
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "error creating certificate request")