From 50a74251e0be6b6bfa39d75bd6ef18f7498ca709 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Richard=20K=C3=B6rber?= <github@shredzone.org>
Date: Fri, 24 Nov 2023 11:18:45 +0100
Subject: [PATCH] setCommonName() sets CN only

---
 .../org/shredzone/acme4j/util/CSRBuilder.java     | 15 ++++++++-------
 src/doc/docs/migration.md                         |  4 ++++
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/util/CSRBuilder.java b/acme4j-client/src/main/java/org/shredzone/acme4j/util/CSRBuilder.java
index 5e0bc84b..49688da0 100644
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/util/CSRBuilder.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/util/CSRBuilder.java
@@ -64,18 +64,17 @@ public class CSRBuilder {
     private final List<String> namelist = new ArrayList<>();
     private final List<InetAddress> iplist = new ArrayList<>();
     private @Nullable PKCS10CertificationRequest csr = null;
-    
+
     /**
-     * Adds a domain name to the CSR. The first domain name added will also be the
-     * <em>Common Name</em>. All domain names will be added as <em>Subject Alternative
-     * Name</em>.
+     * Adds a domain name to the CSR. All domain names will be added as <em>Subject
+     * Alternative Name</em>.
      * <p>
      * IDN domain names are ACE encoded automatically.
      * <p>
      * For wildcard certificates, the domain name must be prefixed with {@code "*."}.
      *
      * @param domain
-     *            Domain name to add
+     *         Domain name to add
      */
     public void addDomain(String domain) {
         namelist.add(toAce(requireNonNull(domain)));
@@ -218,12 +217,14 @@ public class CSRBuilder {
     }
 
     /**
-     * Sets the common name
+     * Sets the common name.
      * <p>
      * Note that it is at the discretion of the ACME server to accept this parameter.
+     *
+     * @since 3.2.0
      */
     public void setCommonName(String cn) {
-        addValue(BCStyle.CN, cn);
+        namebuilder.addRDN(BCStyle.CN, requireNonNull(cn));
     }
 
     /**
diff --git a/src/doc/docs/migration.md b/src/doc/docs/migration.md
index ce505de6..9f211461 100644
--- a/src/doc/docs/migration.md
+++ b/src/doc/docs/migration.md
@@ -2,6 +2,10 @@
 
 This document will help you migrate your code to the latest _acme4j_ version.
 
+## Migration to Version 3.2.0
+
+- Starting with this version, the `CSRBuilder` won't add the first domain as common name automatically. This permits the issuance of very long domain names, and should have no negative impact otherwise, as this field is usually ignored by CAs anyway. If you should encounter a problem here, you can use `CSRBuilder.setCommonName()` to set the first domain as common name manually. Discussion see [here](https://community.letsencrypt.org/t/questions-re-simplifying-issuance-for-very-long-domain-names/207925/11).
+
 ## Migration to Version 3.0.0
 
 Although acme4j has made a major version bump, the migration of your code should be done in a few minutes for most of you.