alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Properly fill CSR DNSNames or IPAddresses

Browse source
This commit is contained in:
Mariano Cano 2018-10-24 19:49:16 -07:00
parent 1c1ac1b3fb
commit d7c31c3133
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
ca/client.go
View file

@ -15,6 +15,7 @@ import (
"encoding/pem" "encoding/pem"
"io" "io"
"io/ioutil" "io/ioutil"
"net"
"net/http" "net/http"
"net/url" "net/url"
"strings" "strings"
@ -353,8 +354,14 @@ func CreateSignRequest(ott string) (*api.SignRequest, crypto.PrivateKey, error)
CommonName: claims.Subject, CommonName: claims.Subject,
}, },
SignatureAlgorithm: x509.ECDSAWithSHA256, SignatureAlgorithm: x509.ECDSAWithSHA256,
DNSNames: []string{claims.Subject},
} }
if ip := net.ParseIP(claims.Subject); ip != nil {
template.IPAddresses = append(template.IPAddresses, ip)
} else {
template.DNSNames = append(template.DNSNames, claims.Subject)
}
csr, err := x509.CreateCertificateRequest(rand.Reader, template, pk) csr, err := x509.CreateCertificateRequest(rand.Reader, template, pk)
if err != nil { if err != nil {
return nil, nil, errors.Wrap(err, "error creating certificate request") return nil, nil, errors.Wrap(err, "error creating certificate request")