mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Remove the requirement for CSR to have a common name.

Browse source 
Fixes #226
This commit is contained in:
Mariano Cano 2020-04-20 10:43:33 -07:00
parent bcc5a91d17
commit 13507efb35
1 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
authority/provisioner/sign_options.go
View file

@ -108,9 +108,10 @@ func (v defaultPublicKeyValidator) Valid(req *x509.CertificateRequest) error {
type commonNameValidator string
// Valid checks that certificate request common name matches the one configured.
// An empty common name is considered valid.
func (v commonNameValidator) Valid(req *x509.CertificateRequest) error {
if req.Subject.CommonName == "" {
return errors.New("certificate request cannot contain an empty common name")
return nil
}
if req.Subject.CommonName != string(v) {
return errors.Errorf("certificate request does not contain the valid common name; requested common name = %s, token subject = %s", req.Subject.CommonName, v)
@ -118,12 +119,13 @@ func (v commonNameValidator) Valid(req *x509.CertificateRequest) error {
return nil
}
// commonNameSliceValidator validates thats the common name of a certificate request is present in the slice.
// commonNameSliceValidator validates thats the common name of a certificate
// request is present in the slice. An empty common name is considered valid.
type commonNameSliceValidator []string
func (v commonNameSliceValidator) Valid(req *x509.CertificateRequest) error {
if req.Subject.CommonName == "" {
return errors.New("certificate request cannot contain an empty common name")
return nil
}
for _, cn := range v {
if req.Subject.CommonName == cn {