From c7ca99f711f064f947e8d0c9aa4eeaa1c6a5e0c2 Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Wed, 1 Jun 2016 15:47:34 +0200
Subject: Add emailAddress
---
 certificate.go | 4 ++--
 crypto.go | 26 ++++++++++----------------
 2 files changed, 12 insertions(+), 18 deletions(-)
diff --git a/certificate.go b/certificate.go
index 26f701c..9273975 100644
--- a/certificate.go
+++ b/certificate.go
@@ -10,9 +10,9 @@ type CSR struct {
 CSR string `json:"csr"`
 }

-func (p *Provider) Bundle(s *Signer, key crypto.PrivateKey, altnames, emails []string) (tls.Certificate, error) {
+func (p *Provider) Bundle(s *Signer, key crypto.PrivateKey, altnames []string, email string) (tls.Certificate, error) {
 cert := tls.Certificate{PrivateKey: key}
- csr, err := NewCSR(key, altnames, emails)
+ csr, err := NewCSR(key, altnames, email)
 if err != nil {
 return cert, err
 }
diff --git a/crypto.go b/crypto.go
index 5f6cf34..366188b 100644
--- a/crypto.go
+++ b/crypto.go
@@ -98,23 +98,17 @@ func NewKey(size int) (crypto.PrivateKey, error) {

 var oidMailAddress = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}

-func mailAttr(mail string) pkix.AttributeTypeAndValue {
- return pkix.AttributeTypeAndValue{
- Type: oidMailAddress,
- Value: mail,
- }
-}
-
-func NewCSR(key crypto.PrivateKey, altnames, emails []string) (string, error) {
- mail := mailAttr(emails[0])
- subj := pkix.Name{
- CommonName: altnames[0],
- Names: []pkix.AttributeTypeAndValue{mail},
- }
+func NewCSR(key crypto.PrivateKey, altnames []string, email string) (string, error) {
 tmpl := x509.CertificateRequest{
- Subject: subj,
- DNSNames: altnames,
- EmailAddresses: emails,
+ Subject: pkix.Name{CommonName: altnames[0]},
+ DNSNames: altnames,
+ }
+ if email != "" {
+ m := pkix.AttributeTypeAndValue{
+ Type: oidMailAddress,
+ Value: email,
+ }
+ tmpl.Subject.ExtraNames = append(tmpl.Subject.ExtraNames, m)
 }
 der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
 if err != nil {
--
cgit v1.2.3
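Review bot: `Bundle` hands `altnames` to `NewCSR` unchecked, and the crypto.go hunk still evaluates `altnames[0]` for the CommonName, so a nil or empty slice panics instead of coming back through the `error` result both functions already return. The commit removes the matching `emails[0]` index but leaves this one; a guard at the top of `NewCSR`, `if len(altnames) == 0 { return "", errors.New("no altnames given") }`, would cover both entry points (it needs `errors` imported if crypto.go does not already have it). Since the exported signature changes from `emails []string` to `email string`, a doc comment on `Bundle` saying that `email` may be empty and is then left out of the CSR would help callers migrating from the slice form. Bundle's body continues outside the hunk.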
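Review bot: `email` reaches the subject unvalidated: the `if email != ""` branch copies the caller's string straight into `ExtraNames`, and with `EmailAddresses` dropped from the template the CSR no longer requests an rfc822Name SAN at all. Where the issuing side copies subject attributes from the request, whatever string was passed ends up in the certificate DN, so parsing it first with `addr, err := mail.ParseAddress(email)` and using `addr.Address` as the value is worth adding (needs `net/mail`). PKCS#9 defines emailAddress as an IA5String, whereas encoding/asn1 chooses the string type heuristically for a plain Go string, so the attribute is unlikely to be emitted as IA5String; `Value: asn1.RawValue{Tag: asn1.TagIA5String, Bytes: []byte(addr.Address)}` would pin the type once the address is confirmed to be ASCII. NewCSR's body continues past the end of the hunk.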