Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CSR common name to SANs if no other SANs are defined in CSR #1172

Merged
merged 6 commits into from
May 9, 2024
Merged

Add CSR common name to SANs if no other SANs are defined in CSR #1172

merged 6 commits into from
May 9, 2024

Conversation

dopey
Copy link
Contributor

@dopey dopey commented May 7, 2024
edited
Loading

@dopey dopey requested review from maraino and hslatman May 7, 2024 02:28
@github-actions github-actions bot added the needs triage Waiting for discussion / prioritization by team label May 7, 2024
maraino
maraino requested changes May 7, 2024
View reviewed changes
command/certificate/sign.go Outdated
Comment on lines 449 to 460
if addCNSAN {
cnInSANs := false
for _, v := range sans {
if v == cr.Subject.CommonName {
cnInSANs = true
break
}
}
if !cnInSANs {
sans = append(sans, cr.Subject.CommonName)
}
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we want to do this only if there are no SANs.

command/certificate/sign.go Outdated
Comment on lines 182 to 187
cli.BoolTFlag{
Name: "add-cn-san",
Usage: `Ensure that Common Name from CSR subject is added to Subject Alternative
Name (SAN) extension of the certificate. This flag is enabled by default. To
disable default behavior pass the flag as '--add-cn-san=false'.`,
},
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's do something like --omit-cn-san as @hslatman suggested.

@dopey dopey requested a review from maraino May 7, 2024 17:55
hslatman
hslatman previously approved these changes May 7, 2024
View reviewed changes
Copy link
Member

@hslatman hslatman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice 😄

maraino
maraino requested changes May 7, 2024
View reviewed changes
@dopey dopey requested a review from maraino May 9, 2024 17:12
@dopey dopey merged commit e5ab833 into master May 9, 2024
13 checks passed
@dopey dopey deleted the max/common-name-name branch May 9, 2024 18:43
@hslatman hslatman added this to the v0.26.2 milestone May 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maraino maraino maraino approved these changes

@hslatman hslatman hslatman left review comments

Assignees
No one assigned
Labels
needs triage Waiting for discussion / prioritization by team
Projects
None yet
Milestone
v0.26.2
Development

Successfully merging this pull request may close these issues.

[Bug]: CN not added as SAN
3 participants
@dopey @maraino @hslatman