New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Common Name support has been added for acme.crypto_util.make_csr() #5837
base: master
Are you sure you want to change the base?
Conversation
Hi @ZenSecurity , Thanks! Do you have a particular way that you'd like to see this functionality get used in Certbot, or another client where you would like to use it? I know users sometimes ask us about how to cause a particular name to be displayed in the |
This feature will be useful for python developers, who use bare acme library without certbot client, like i do. It will help to integrate letsencrypt more easily into complicated infrastructure. |
@schoen, looks like you're on top of reviewing this. Just wanted to point out that different clients sometimes have different behavior around when certs do an do not have a common name set and when SANs are or aren't set, so we might want to consider that when making the change to always set the common name. |
Any updates ? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, that sounds fine! Would it be safer to also add a check asserting that common_name
is an element of subject_alt_names
?
What do you think about backward compatibility (https://www.digicert.com/subject-alternative-name-compatibility.htm), maybe we need more accurate checks, especially for wildcards ? |
With help of this commit we can set "common_name" manually in make_csr(), or just use first domain from "subject_alt_names" list if "common_name" is empty.