authorDimitri Sokolyuk <demon@dim13.org>2016-06-05 22:21:21 +0200
committerDimitri Sokolyuk <demon@dim13.org>2016-06-05 22:21:21 +0200
commite6e89fbebc8b585d7b94519993ab472d702394b4 (patch)
tree7b4883b96b9beabfa9b5ecf3a0ab7e6ce48fd10f
parentc1bbfede72bf9b81a8be2eb52dbedc964e837667 (diff)
Strip mail OID, as it gets filtered
-rw-r--r--certificate.go4
-rw-r--r--cmd/acme/main.go6
-rw-r--r--cmd/batch/main.go8
-rw-r--r--crypto.go29
4 files changed, 9 insertions, 38 deletions
diff --git a/certificate.go b/certificate.go
index 992acb7..90508c1 100644
--- a/certificate.go
+++ b/certificate.go
@@ -10,9 +10,9 @@ type CSR struct {
CSR string `json:"csr"`
}
-func (p *Provider) Bundle(key crypto.PrivateKey, altnames []string, email string) (tls.Certificate, error) {
+func (p *Provider) Bundle(key crypto.PrivateKey, altnames []string) (tls.Certificate, error) {
cert := tls.Certificate{PrivateKey: key}
- csr, err := NewCSR(key, altnames, email)
+ csr, err := NewCSR(key, altnames)
if err != nil {
return cert, err
}
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index cac04e2..1a7aa78 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
@@ -48,7 +48,7 @@ func register(d desire, dir string) (crypto.PrivateKey, error) {
return key, nil
}
-func requestCert(prov *acme.Provider, d domain, mail string) error {
+func requestCert(prov *acme.Provider, d domain) error {
c, err := d.Load()
if err != nil {
c.PrivateKey, err = acme.NewKey(d.KeySize)
@@ -83,7 +83,7 @@ func requestCert(prov *acme.Provider, d domain, mail string) error {
}
log.Println("Request bundle for", d.Altnames)
- cert, err := prov.Bundle(c.PrivateKey, d.Altnames, mail)
+ cert, err := prov.Bundle(c.PrivateKey, d.Altnames)
if err != nil {
return err
}
@@ -137,7 +137,7 @@ func main() {
}
for _, dom := range d.Domain {
- if err := requestCert(prov, dom, d.Mail); err != nil {
+ if err := requestCert(prov, dom); err != nil {
log.Fatal(err)
}
}
diff --git a/cmd/batch/main.go b/cmd/batch/main.go
index 58f437e..a637fe2 100644
--- a/cmd/batch/main.go
+++ b/cmd/batch/main.go
@@ -36,11 +36,7 @@ func main() {
log.Println("Skip", c)
continue
}
- mail := acme.GetMail(c.Leaf)
- if mail == "" {
- continue
- }
- csr, err := acme.NewCSR(c.PrivateKey, c.Leaf.DNSNames, mail)
+ csr, err := acme.NewCSR(c.PrivateKey, c.Leaf.DNSNames)
if err != nil {
log.Println(err)
continue
@@ -81,7 +77,7 @@ func main() {
}
log.Println("Request bundle for", *domains)
- cert, err := prov.Bundle(key, *domains, *email)
+ cert, err := prov.Bundle(key, *domains)
if err != nil {
log.Fatal(err)
}
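Review bot: `*email` is no longer consumed by `cert, err := prov.Bundle(key, *domains)`, and nothing else in this hunk reads it, so if `email` is a command-line flag (its definition is outside the hunk) it is now parsed and silently ignored. A flag that accepts a value without effect misleads operators; either remove the definition or route the address to the registration contact, and if it is removed, update the usage text with it. The first hunk in this file also dropped the `mail == ""` skip, so certificates whose leaf carries no email attribute are now renewed as well — presumably intended given the commit title, but worth confirming. main's body starts and ends outside both hunks.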
diff --git a/crypto.go b/crypto.go
index d0ea41e..9fed806 100644
--- a/crypto.go
+++ b/crypto.go
@@ -7,8 +7,6 @@ import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
- "crypto/x509/pkix"
- "encoding/asn1"
"encoding/base64"
"encoding/pem"
"errors"
@@ -28,7 +26,6 @@ const (
var (
ErrKeyType = errors.New("unknown key type")
ErrKeySize = errors.New("insufficient key size")
- ErrValues = errors.New("domain(s) and email required")
)
func SaveCSR(w io.Writer, csr []byte) error {
@@ -101,16 +98,6 @@ func LoadCerts(r io.Reader) ([]*x509.Certificate, error) {
return x509.ParseCertificates(block.Bytes)
}
-// GetMail returns emailAddress embedded in certificate
-func GetMail(cert *x509.Certificate) string {
- for _, n := range cert.Subject.Names {
- if n.Type.Equal(oidMailAddress) {
- return n.Value.(string)
- }
- }
- return ""
-}
-
// NewKey generates a new private key, supported keysizes are:
// EC keys: 224, 256, 384, 521
// RSA keys: 1024, 1536, 2048, 4096, 8192
@@ -135,20 +122,8 @@ func NewKey(size int) (crypto.PrivateKey, error) {
}
}
-var oidMailAddress = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}
-
-func NewCSR(key crypto.PrivateKey, altnames []string, email string) (string, error) {
- if len(altnames) < 1 || email == "" {
- return "", ErrValues
- }
- tmpl := x509.CertificateRequest{
- Subject: pkix.Name{
- ExtraNames: []pkix.AttributeTypeAndValue{
- {Type: oidMailAddress, Value: email},
- },
- },
- DNSNames: altnames,
- }
+func NewCSR(key crypto.PrivateKey, altnames []string) (string, error) {
+ tmpl := x509.CertificateRequest{DNSNames: altnames}
der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
if err != nil {
return "", err
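Review bot: The new body at `tmpl := x509.CertificateRequest{DNSNames: altnames}` drops the old `len(altnames) < 1` guard together with its ErrValues sentinel (removed in the earlier `var (` hunk), so an empty altnames slice now produces a CSR with no subject alternative names that is handed to x509.CreateCertificateRequest and, via Bundle, to the CA. Only the email half of that check became obsolete; keep the domain half, e.g. `if len(altnames) == 0 { return "", errors.New("at least one domain required") }` (errors is still imported per the first hunk), or retain ErrValues with a reworded message. This matters because cmd/batch now passes `c.Leaf.DNSNames` straight through, so a leaf without DNS SANs reaches this path. NewCSR's body continues past the end of the hunk.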