fix: modify certificate alternate DNS duplication

Signed-off-by: zhj0811 <zhaojian@peerfintech.cn> Signed-off-by: Matthew Sykes <sykesmat@us.ibm.com>
hyperledger · Aug 3, 2020 · cce8553 · cce8553
1 parent 6e97dd0
commit cce8553
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/internal/cryptogen/ca/ca.go b/internal/cryptogen/ca/ca.go
@@ -147,7 +147,7 @@ func (ca *CA) SignCertificate(
 		if ip != nil {
 			template.IPAddresses = append(template.IPAddresses, ip)
 		} else {
-			template.DNSNames = append(template.DNSNames, alternateNames...)
+			template.DNSNames = append(template.DNSNames, san)
 		}
 	}
 

diff --git a/internal/cryptogen/ca/ca_test.go b/internal/cryptogen/ca/ca_test.go
@@ -229,12 +229,14 @@ func TestGenerateSignCertificate(t *testing.T) {
 	assert.Contains(t, cert.Subject.OrganizationalUnit, ous[1])
 
 	// make sure sans are correctly set
-	sans := []string{testName2, testIP}
+	sans := []string{testName2, testName3, testIP}
 	cert, err = rootCA.SignCertificate(certDir, testName, nil, sans, &priv.PublicKey,
 		x509.KeyUsageDigitalSignature, []x509.ExtKeyUsage{})
 	assert.NoError(t, err)
 	assert.Contains(t, cert.DNSNames, testName2)
+	assert.Contains(t, cert.DNSNames, testName3)
 	assert.Contains(t, cert.IPAddresses, net.ParseIP(testIP).To4())
+	assert.Equal(t, len(cert.DNSNames), 2)
 
 	// check to make sure the signed public key was stored
 	pemFile := filepath.Join(certDir, testName+"-cert.pem")