| author | Adnan Maolood <[email protected]> | 2021-03-04 20:04:46 -0500 |
|---|---|---|
| committer | Adnan Maolood <[email protected]> | 2021-03-04 20:04:46 -0500 |
| commit | 649b20659b02f0adc2595692ffa2854b19871f8c (patch) | |
| tree | 59de8bdbe316ff565391d981043ca7c58e5c2c74 | |
| parent | Revert "certificate.Store: Allow using '*' in DNSNames" (diff) | |
Revert "certificate: Remove Subject from CreateOptions" v0.1.19
This reverts commit ce649ecc66ba390a5e9f95c027a15030f90c3b36.
| -rw-r--r-- | certificate/create.go | 9 | ||||
| -rw-r--r-- | certificate/store.go | 4 | ||||
| -rw-r--r-- | examples/cert.go | 4 |
3 files changed, 17 insertions, 0 deletions
diff --git a/certificate/create.go b/certificate/create.go
index 7bcb13b..2d00ded 100644
--- a/certificate/create.go
+++ b/certificate/create.go
@@ -9,6 +9,7 @@ import (
 "crypto/rand"
 "crypto/tls"
 "crypto/x509"
+ "crypto/x509/pkix"
 "encoding/pem"
 "math/big"
 "net"
@@ -27,6 +28,13 @@ type CreateOptions struct {
 // Should contain the IP addresses that the certificate is valid for.
 IPAddresses []net.IP

+ // Subject specifies the certificate Subject.
+ //
+ // Subject.CommonName can contain the DNS name that this certificate
+ // is valid for. Server certificates should specify both a Subject
+ // and a Subject Alternate Name.
+ Subject pkix.Name
+
 // Duration specifies the amount of time that the certificate is valid for.
 Duration time.Duration

@@ -92,6 +100,7 @@ func newX509KeyPair(options CreateOptions) (*x509.Certificate, crypto.PrivateKey
 BasicConstraintsValid: true,
 IPAddresses: options.IPAddresses,
 DNSNames: options.DNSNames,
+ Subject: options.Subject,
 }

 crt, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, priv)
diff --git a/certificate/store.go b/certificate/store.go
index 067dfcc..83e4ffe 100644
--- a/certificate/store.go
+++ b/certificate/store.go
@@ -3,6 +3,7 @@ package certificate
 import (
 "crypto/tls"
 "crypto/x509"
+ "crypto/x509/pkix"
 "errors"
 "fmt"
 "io/fs"
@@ -169,6 +170,9 @@ func (s *Store) createCertificate(scope string) (tls.Certificate, error) {
 }
 return Create(CreateOptions{
 DNSNames: []string{scope},
+ Subject: pkix.Name{
+ CommonName: scope,
+ },
 Duration: 250 * 365 * 24 * time.Hour,
 })
 }
diff --git a/examples/cert.go b/examples/cert.go
index da07b3c..91a4be0 100644
--- a/examples/cert.go
+++ b/examples/cert.go
@@ -5,6 +5,7 @@
 package main

 import (
+ "crypto/x509/pkix"
 "fmt"
 "log"
 "os"
@@ -24,6 +25,9 @@ func main() {
 log.Fatal(err)
 }
 options := certificate.CreateOptions{
+ Subject: pkix.Name{
+ CommonName: host,
+ },
 DNSNames: []string{host},
 Duration: duration,
 }
|
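Review bot: The new doc comment on `Subject` in `CreateOptions` suggests putting the DNS name in `Subject.CommonName` without saying that verifiers no longer rely on it. Go's own crypto/x509 has ignored CommonName for hostname matching since Go 1.15, so only `DNSNames` and `IPAddresses` establish which names the certificate is valid for. The comment also writes "Subject Alternate Name" where the X.509 term is "Subject Alternative Name". I would reword the middle paragraph along the lines of `// Subject.CommonName is informational only; hostname verification uses the Subject Alternative Name values (DNSNames, IPAddresses).` The struct starts before this hunk and continues after it.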
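Review bot: In `createCertificate`, `scope` is copied into `Subject.CommonName` unchecked, and X.520 caps the common name at 64 characters (`ub-common-name` in RFC 5280) while a DNS name can be much longer. As far as I know `x509.CreateCertificate` does not enforce that bound, so a long scope would yield a certificate that stricter parsers may reject. Since `DNSNames` already carries the name, it would be safer to build the options first and set the CN only when it fits, e.g. `if len(scope) <= 64 { opts.Subject.CommonName = scope }`. The same applies to `CommonName: host` in the `main` hunk of examples/cert.go, where `host` presumably comes from the command line. The start of `createCertificate` lies outside this hunk, so any earlier validation of `scope` is not visible here.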