From e6e89fbebc8b585d7b94519993ab472d702394b4 Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Sun, 5 Jun 2016 22:21:21 +0200
Subject: Strip mail OID, as it gets filtered

---
 certificate.go    |  4 ++--
 cmd/acme/main.go  |  6 +++---
 cmd/batch/main.go |  8 ++------
 crypto.go         | 29 ++---------------------------
 4 files changed, 9 insertions(+), 38 deletions(-)

diff --git a/certificate.go b/certificate.go
index 992acb7..90508c1 100644
--- a/certificate.go
+++ b/certificate.go
@@ -10,9 +10,9 @@ type CSR struct {
 	CSR string `json:"csr"`
 }
 
-func (p *Provider) Bundle(key crypto.PrivateKey, altnames []string, email string) (tls.Certificate, error) {
+func (p *Provider) Bundle(key crypto.PrivateKey, altnames []string) (tls.Certificate, error) {
 	cert := tls.Certificate{PrivateKey: key}
-	csr, err := NewCSR(key, altnames, email)
+	csr, err := NewCSR(key, altnames)
 	if err != nil {
 		return cert, err
 	}
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index cac04e2..1a7aa78 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
@@ -48,7 +48,7 @@ func register(d desire, dir string) (crypto.PrivateKey, error) {
 	return key, nil
 }
 
-func requestCert(prov *acme.Provider, d domain, mail string) error {
+func requestCert(prov *acme.Provider, d domain) error {
 	c, err := d.Load()
 	if err != nil {
 		c.PrivateKey, err = acme.NewKey(d.KeySize)
@@ -83,7 +83,7 @@ func requestCert(prov *acme.Provider, d domain, mail string) error {
 	}
 
 	log.Println("Request bundle for", d.Altnames)
-	cert, err := prov.Bundle(c.PrivateKey, d.Altnames, mail)
+	cert, err := prov.Bundle(c.PrivateKey, d.Altnames)
 	if err != nil {
 		return err
 	}
@@ -137,7 +137,7 @@ func main() {
 	}
 
 	for _, dom := range d.Domain {
-		if err := requestCert(prov, dom, d.Mail); err != nil {
+		if err := requestCert(prov, dom); err != nil {
 			log.Fatal(err)
 		}
 	}
diff --git a/cmd/batch/main.go b/cmd/batch/main.go
index 58f437e..a637fe2 100644
--- a/cmd/batch/main.go
+++ b/cmd/batch/main.go
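Review bot: Bundle's exported signature is rewritten in the certificate.go hunk, but the method still has no doc comment, and dropping a parameter is exactly the contract change a comment should record. Something along the lines of `// Bundle builds a CSR for altnames with key and returns the certificate the provider issues for it, with PrivateKey set to key.` would do; the issuing step itself is outside the hunk, so adjust the wording to what the rest of the body actually does. Bundle's body continues past the end of the hunk.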
@@ -36,11 +36,7 @@ func main() {
 			log.Println("Skip", c)
 			continue
 		}
-		mail := acme.GetMail(c.Leaf)
-		if mail == "" {
-			continue
-		}
-		csr, err := acme.NewCSR(c.PrivateKey, c.Leaf.DNSNames, mail)
+		csr, err := acme.NewCSR(c.PrivateKey, c.Leaf.DNSNames)
 		if err != nil {
 			log.Println(err)
 			continue
@@ -81,7 +77,7 @@ func main() {
 	}
 
 	log.Println("Request bundle for", *domains)
-	cert, err := prov.Bundle(key, *domains, *email)
+	cert, err := prov.Bundle(key, *domains)
 	if err != nil {
 		log.Fatal(err)
 	}
diff --git a/crypto.go b/crypto.go
index d0ea41e..9fed806 100644
--- a/crypto.go
+++ b/crypto.go
@@ -7,8 +7,6 @@ import (
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
-	"crypto/x509/pkix"
-	"encoding/asn1"
 	"encoding/base64"
 	"encoding/pem"
 	"errors"
@@ -28,7 +26,6 @@ const (
 var (
 	ErrKeyType = errors.New("unknown key type")
 	ErrKeySize = errors.New("insufficient key size")
-	ErrValues  = errors.New("domain(s) and email required")
 )
 
 func SaveCSR(w io.Writer, csr []byte) error {
@@ -101,16 +98,6 @@ func LoadCerts(r io.Reader) ([]*x509.Certificate, error) {
 	return x509.ParseCertificates(block.Bytes)
 }
 
-// GetMail returns emailAddress embedded in certificate
-func GetMail(cert *x509.Certificate) string {
-	for _, n := range cert.Subject.Names {
-		if n.Type.Equal(oidMailAddress) {
-			return n.Value.(string)
-		}
-	}
-	return ""
-}
-
 // NewKey generates a new private key, supported keysizes are:
 // EC keys: 224, 256, 384, 521
 // RSA keys: 1024, 1536, 2048, 4096, 8192
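Review bot: With the `mail == ""` guard gone, the batch loop feeds `c.Leaf.DNSNames` straight into acme.NewCSR, and NewCSR (last crypto.go hunk) no longer rejects an empty altnames slice, so a leaf with no SAN entries now yields a CSR carrying no identifiers at all instead of an ErrValues error; the second crypto.go hunk removes the very sentinel that check used. Keep the validation in NewCSR as `if len(altnames) == 0 { return "", ErrValues }` with the sentinel reworded to `ErrValues = errors.New("at least one domain required")`, and skip such leaves in this loop with `if len(c.Leaf.DNSNames) == 0 { log.Println("Skip", c); continue }`. The old guard presumably also kept certificates that were not issued through this tool out of the renewal loop; if that was intended, the loop now needs another criterion. The enclosing main starts outside the hunk.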
@@ -135,20 +122,8 @@ func NewKey(size int) (crypto.PrivateKey, error) {
 	}
 }
 
-var oidMailAddress = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}
-
-func NewCSR(key crypto.PrivateKey, altnames []string, email string) (string, error) {
-	if len(altnames) < 1 || email == "" {
-		return "", ErrValues
-	}
-	tmpl := x509.CertificateRequest{
-		Subject: pkix.Name{
-			ExtraNames: []pkix.AttributeTypeAndValue{
-				{Type: oidMailAddress, Value: email},
-			},
-		},
-		DNSNames: altnames,
-	}
+func NewCSR(key crypto.PrivateKey, altnames []string) (string, error) {
+	tmpl := x509.CertificateRequest{DNSNames: altnames}
 	der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
 	if err != nil {
 		return "", err
-- 
cgit v1.2.3
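Review bot: NewCSR is exported and its contract changes here, yet it still has no doc comment and nothing records why the template now has an empty Subject; the only place that rationale lives is the commit title. Add above the function `// NewCSR builds a certificate request for altnames, signed with key; the identifiers are carried solely in the SAN extension and the Subject is left empty because the CA filters the emailAddress attribute.` so the next maintainer does not reintroduce a Subject. NewCSR's body continues past the end of the hunk.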