authorDimitri Sokolyuk <demon@dim13.org>2016-06-01 16:29:17 +0200
committerDimitri Sokolyuk <demon@dim13.org>2016-06-01 16:29:17 +0200
commit1f8fbd0ad96393b3f07f360423d43ac8875a2a60 (patch)
tree5670b25028fd8e9a8b62bca995f43d459b2a8232
parent47cc770e483b3c0c9e088d8baf9d8076ab7a65c0 (diff)
Make email mandatory
-rw-r--r--crypto.go18
1 files changed, 11 insertions, 7 deletions
diff --git a/crypto.go b/crypto.go
index 192dde8..c3771da 100644
--- a/crypto.go
+++ b/crypto.go
@@ -26,6 +26,7 @@ const (
var (
ErrKeyType = errors.New("unknown key type")
ErrKeySize = errors.New("insufficient key size")
+ ErrValues = errors.New("domain(s) and email required")
)
func SaveCSR(w io.Writer, csr []byte) error {
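Review bot: The added exported `ErrValues` has no doc comment, and its name does not say which values it refers to. A comment such as `// ErrValues is returned by NewCSR when no DNS names or no email address are supplied.` would tie it to its only visible use. Because one sentinel covers both conditions, callers cannot tell a missing domain from a missing email; if that distinction matters to them, two separate errors would be clearer.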
@@ -99,13 +100,16 @@ func NewKey(size int) (crypto.PrivateKey, error) {
var oidMailAddress = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}
func NewCSR(key crypto.PrivateKey, altnames []string, email string) (string, error) {
- tmpl := x509.CertificateRequest{DNSNames: altnames}
- if email != "" {
- m := pkix.AttributeTypeAndValue{
- Type: oidMailAddress,
- Value: email,
- }
- tmpl.Subject.ExtraNames = append(tmpl.Subject.ExtraNames, m)
+ if len(altnames) < 1 || email == "" {
+ return "", ErrValues
+ }
+ tmpl := x509.CertificateRequest{
+ Subject: pkix.Name{
+ ExtraNames: []pkix.AttributeTypeAndValue{
+ {Type: oidMailAddress, Value: email},
+ },
+ },
+ DNSNames: altnames,
}
der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
if err != nil {
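Review bot: The new guard at the top of NewCSR only rejects an empty `email` and a zero-length `altnames`, so a malformed address or a slice such as `[]string{""}` still passes. Both values are written into the request as given (the emailAddress attribute in the subject and the DNS names), so they should be validated here before signing. For the address, `a, err := mail.ParseAddress(email); if err != nil || a.Address != email { return "", ErrValues }` (needs `net/mail`) rejects invalid syntax and display-name forms. A short loop can return `ErrValues` for any blank entry in `altnames`. NewCSR's body continues past the end of this hunk, so error handling after `CreateCertificateRequest` is not visible here.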