Cannot sign csr get panic error

[symgryph]

I generated a csr on an appliance I use, and when I use the following:

mkcert -csr my.test.csr

I get:

goroutine 1 [running]:
main.(*mkcert).fileNames(0xc000155f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x121fc40, 0xc000066300, 0xc00042c000, 0x46b)
	/private/tmp/mkcert-20201126-82459-i1bflq/mkcert-1.4.3/src/github.com/FiloSottile/mkcert/cert.go:177 +0x3cc
main.(*mkcert).makeCertFromCSR(0xc000155f00)
	/private/tmp/mkcert-20201126-82459-i1bflq/mkcert-1.4.3/src/github.com/FiloSottile/mkcert/cert.go:266 +0x7c8
main.(*mkcert).Run(0xc000155f00, 0xc0000121d0, 0x0, 0x0)
	/private/tmp/mkcert-20201126-82459-i1bflq/mkcert-1.4.3/src/github.com/FiloSottile/mkcert/main.go:203 +0x64a
main.main()
	/private/tmp/mkcert-20201126-82459-i1bflq/mkcert-1.4.3/src/github.com/FiloSottile/mkcert/main.go:145 +0x851

[Vaka82]

Same issue - Any suggestions..?

[Vaka82]

It's panicking @ the below code as hosts slice is empty -

Adding this before that fileNames call seem to fix this issue for me.

if len(hosts) == 0 {
hosts = []string{csr.Subject.CommonName}
}

certFile, _, _ := m.fileNames(hosts)

[gergelyzs]

i have found the same issue. I believe it is because the CSR has no SAN. If you can modify your CSR, it's easy enough to circumvent. I seem to remember that having no SAN is deprecated, so this is not entirely unexpected. For me, the CSR is coming from an old iDRAC, so no way I can change it.

Fix works because it reads the CN. @Vaka82 care to make a PR?

[adippel]

+1 encountered this just recently. dont know if using CN is the right way since using CN for domain names is not the right way. At least replacing the meaningless panic is a must.

[FiloSottile]

Fixed, thank you for the report. The feature to use the CN if there were no SANs was already there, but then it was trying to print the hosts from the CSR instead of the generated certificate.