authorDimitri Sokolyuk <demon@dim13.org>2016-06-01 15:47:34 +0200
committerDimitri Sokolyuk <demon@dim13.org>2016-06-01 15:47:34 +0200
commitc7ca99f711f064f947e8d0c9aa4eeaa1c6a5e0c2 (patch)
treea3c9c84ef24b98c399f8e8e88abe9c6433bb2b98
parent869eb618ea3867387f6d7cd8b3d4ce615144274c (diff)
Add emailAddress
-rw-r--r--certificate.go4
-rw-r--r--crypto.go26
2 files changed, 12 insertions, 18 deletions
diff --git a/certificate.go b/certificate.go
index 26f701c..9273975 100644
--- a/certificate.go
+++ b/certificate.go
@@ -10,9 +10,9 @@ type CSR struct {
CSR string `json:"csr"`
}
-func (p *Provider) Bundle(s *Signer, key crypto.PrivateKey, altnames, emails []string) (tls.Certificate, error) {
+func (p *Provider) Bundle(s *Signer, key crypto.PrivateKey, altnames []string, email string) (tls.Certificate, error) {
cert := tls.Certificate{PrivateKey: key}
- csr, err := NewCSR(key, altnames, emails)
+ csr, err := NewCSR(key, altnames, email)
if err != nil {
return cert, err
}
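Review bot: The exported method `Bundle` changes its signature here (`emails []string` becomes `email string`) but has no doc comment, so callers cannot tell from this file that an empty `email` is allowed. The second hunk shows that an empty value simply omits the attribute. A comment along the lines of `// Bundle builds a CSR for altnames using key; a non-empty email is added to the CSR subject as emailAddress.` would record that. Bundle's body continues past the end of the hunk, so only the CSR step is visible from here.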
diff --git a/crypto.go b/crypto.go
index 5f6cf34..366188b 100644
--- a/crypto.go
+++ b/crypto.go
@@ -98,23 +98,17 @@ func NewKey(size int) (crypto.PrivateKey, error) {
var oidMailAddress = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}
-func mailAttr(mail string) pkix.AttributeTypeAndValue {
- return pkix.AttributeTypeAndValue{
- Type: oidMailAddress,
- Value: mail,
- }
-}
-
-func NewCSR(key crypto.PrivateKey, altnames, emails []string) (string, error) {
- mail := mailAttr(emails[0])
- subj := pkix.Name{
- CommonName: altnames[0],
- Names: []pkix.AttributeTypeAndValue{mail},
- }
+func NewCSR(key crypto.PrivateKey, altnames []string, email string) (string, error) {
tmpl := x509.CertificateRequest{
- Subject: subj,
- DNSNames: altnames,
- EmailAddresses: emails,
+ Subject: pkix.Name{CommonName: altnames[0]},
+ DNSNames: altnames,
+ }
+ if email != "" {
+ m := pkix.AttributeTypeAndValue{
+ Type: oidMailAddress,
+ Value: email,
+ }
+ tmpl.Subject.ExtraNames = append(tmpl.Subject.ExtraNames, m)
}
der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
if err != nil {
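Review bot: `altnames[0]` in the new `Subject: pkix.Name{CommonName: altnames[0]},` line is read without a length check, so a nil or empty `altnames` panics instead of returning an error. A guard at the top of NewCSR such as `if len(altnames) == 0 { return "", errors.New("no names given") }` would fix it, assuming `errors` is or can be imported in crypto.go. Separately, `email` is placed into the subject unvalidated, and with `EmailAddresses` dropped the address is now carried only in the legacy emailAddress subject attribute. A Go string containing `@` is marshalled there as UTF8String, whereas the attribute is defined as IA5String, so it is worth confirming the target CA and any strict parsers accept it. NewCSR's body continues past the end of the hunk.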