When issuing client certificates, I configure the CN (Common Name) as the User ID and SANs (Subject Alternative Names) as the User email. However, in the database, only the Domain Name (DNSName) is saved in the SANs field, ignoring other types like Email, IP Address, and URI. The issue seems to originate from the following code snippet in local.go:
$ git diff signer/local/local.go
diff --git a/signer/local/local.go b/signer/local/local.go
index 091ce79c..c5c85d9a 100644
--- a/signer/local/local.go
+++ b/signer/local/local.go
@@ -525,7 +525,22 @@ func (s *Signer) Sign(req signer.SignRequest) (cert []byte, err error) {
if err := certRecord.SetMetadata(req.Metadata); err != nil {
return nil, err
}
- if err := certRecord.SetSANs(certTBS.DNSNames); err != nil {
+
+ var ipStrings []string
+ for _, ip := range certTBS.IPAddresses {
+ ipStrings = append(ipStrings, ip.String())
+ }
+
+ var uriStrings []string
+ for _, uri := range certTBS.URIs {
+ uriStrings = append(uriStrings, uri.String())
+ }
+
+ allSANs := append(certTBS.DNSNames, certTBS.EmailAddresses...)
+ allSANs = append(allSANs, ipStrings...)
+ allSANs = append(allSANs, uriStrings...)
+
+ if err := certRecord.SetSANs(allSANs); err != nil {
return nil, err
}
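Review bot: The added line `allSANs := append(certTBS.DNSNames, certTBS.EmailAddresses...)` appends onto the certificate template's own slice, so if `certTBS.DNSNames` has spare capacity the new elements are written into its backing array and `allSANs` shares storage with the template. Start from a fresh slice instead, for example `allSANs := make([]string, 0, len(certTBS.DNSNames)+len(certTBS.EmailAddresses)+len(certTBS.IPAddresses)+len(certTBS.URIs))`, and append each group to it; the IP and URI loops can then append directly and the intermediate `ipStrings` and `uriStrings` slices are not needed. Separately, all four SAN types are flattened into one untyped string list before `SetSANs(allSANs)`, so anything reading the stored record cannot distinguish an email address from a DNS name or URI; worth a comment stating that this is intended, or a per-type prefix if consumers need the distinction.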
$
Please advise on how to modify the code to include all SAN types.