Merge pull request #5554 from Icinga/feature/cn-check-for-san

Add subjectAltName extension for all non-CA certificates
Michael Friedrich 2017-10-10 17:50:01 +02:00 committed by GitHub
commit 9a04a99400
1 changed files with 2 additions and 2 deletions


@ -405,7 +405,7 @@ int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile,
X509_NAME *name = X509_REQ_get_subject_name(req);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (unsigned char *)cn.CStr(), -1, -1, 0);
if (!cn.Contains(" ") && cn.Contains(".")) {
if (!ca) {
String san = "DNS:" + cn;
X509_EXTENSION *subjectAltNameExt = X509V3_EXT_conf_nid(NULL, NULL, NID_subject_alt_name, const_cast<char *>(san.CStr()));
if (subjectAltNameExt) {
@ -518,7 +518,7 @@ boost::shared_ptr<X509> CreateCert(EVP_PKEY *pubkey, X509_NAME *subject, X509_NA
String cn = GetX509NameCN(subject);
if (!cn.Contains(" ") && cn.Contains(".")) {
if (!ca) {
String san = "DNS:" + cn;
X509_EXTENSION *subjectAltNameExt = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_alt_name, const_cast<char *>(san.CStr()));
if (subjectAltNameExt) {
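Review bot: With the space/dot filter replaced by `if (!ca)`, the CN is spliced unfiltered into the `"DNS:" + cn` value string passed to `X509V3_EXT_conf_nid`, in both MakeX509CSR and CreateCert. That call parses its value as a comma-separated list of `type:value` entries, so a CN containing a comma would yield more than one subjectAltName entry; in CreateCert the CN is read back from the subject via `GetX509NameCN(subject)`, which presumably comes from a submitted request. I would keep a syntactic guard such as `if (!ca && !cn.Contains(",")) {`, or build the extension from a `GENERAL_NAME` of type `GEN_DNS` instead of a config string. Both functions continue outside the hunks, so whether a NULL result from `X509V3_EXT_conf_nid` is logged or silently skipped is not visible here.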