From 1f8fbd0ad96393b3f07f360423d43ac8875a2a60 Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Wed, 1 Jun 2016 16:29:17 +0200
Subject: Make email mandatory
---
 crypto.go | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
(limited to 'crypto.go')
diff --git a/crypto.go b/crypto.go
index 192dde8..c3771da 100644
--- a/crypto.go
+++ b/crypto.go
@@ -26,6 +26,7 @@ const (
 var (
 ErrKeyType = errors.New("unknown key type")
 ErrKeySize = errors.New("insufficient key size")
+ ErrValues = errors.New("domain(s) and email required")
 )

 func SaveCSR(w io.Writer, csr []byte) error {
@@ -99,13 +100,16 @@ func NewKey(size int) (crypto.PrivateKey, error) {
 var oidMailAddress = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}

 func NewCSR(key crypto.PrivateKey, altnames []string, email string) (string, error) {
- tmpl := x509.CertificateRequest{DNSNames: altnames}
- if email != "" {
- m := pkix.AttributeTypeAndValue{
- Type: oidMailAddress,
- Value: email,
- }
- tmpl.Subject.ExtraNames = append(tmpl.Subject.ExtraNames, m)
+ if len(altnames) < 1 || email == "" {
+ return "", ErrValues
+ }
+ tmpl := x509.CertificateRequest{
+ Subject: pkix.Name{
+ ExtraNames: []pkix.AttributeTypeAndValue{
+ {Type: oidMailAddress, Value: email},
+ },
+ },
+ DNSNames: altnames,
 }
 der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
 if err != nil {
--
cgit v1.2.3
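Review bot: The new guard at the top of NewCSR checks presence only, so a whitespace-only or malformed `email`, or an `altnames` slice that contains empty strings, still passes and is copied into the CSR subject and `DNSNames`. Because these values end up in a request signed with the caller's key, consider parsing the address first with `addr, err := mail.ParseAddress(email)` and storing `addr.Address` in the attribute (this needs `net/mail`, whose import is not visible in this hunk), and rejecting empty entries in `altnames`. `ErrValues` does not say which argument was rejected, and callers that previously passed an empty email now get an error; a doc comment on NewCSR along the lines of `// NewCSR returns ErrValues when altnames is empty or email is blank.` would make the new contract explicit. The body of NewCSR continues past the end of the hunk.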