mirror of https://github.com/shred/acme4j
SubjectAlternativeName should be critical for empty subject
Required by Java as well as the Baseline Requirements, RFC5280, etc. If the subject field of the certificate is an empty SEQUENCE, this extension MUST be marked critical, as specified in RFC 5280, Section 4.2.1.6. Otherwise, this extension MUST NOT be marked critical.
pull/147/head
parent
1cf53b6cf4
commit
78ccae6bc9
|
@ -270,7 +270,8 @@ public final class CertificateUtils {
|
|||
var extensions = attr[0].getAttrValues().toArray();
|
||||
if (extensions.length > 0 && extensions[0] instanceof Extensions) {
|
||||
var san = GeneralNames.fromExtensions((Extensions) extensions[0], Extension.subjectAlternativeName);
|
||||
certBuilder.addExtension(Extension.subjectAlternativeName, false, san);
|
||||
var critical = csr.getSubject().getRDNs().length == 0;
|
||||
certBuilder.addExtension(Extension.subjectAlternativeName, critical, san);
|
||||
}
|
||||
}
|
||||
|
||||
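Review bot: `san` is handed to `certBuilder.addExtension(...)` without a null check, and as far as I know `GeneralNames.fromExtensions` returns null when the CSR's extension request carries no subjectAlternativeName, so a CSR that requests only other extensions would fail at this call. Wrapping the two added lines in `if (san != null) { ... }` avoids that. Separately, `critical` is computed from `csr.getSubject()`, while the subject given to `certBuilder` is set outside this hunk; confirm both use the same name, since RFC 5280 ties criticality to the certificate's subject. A one-line comment such as `// RFC 5280 4.2.1.6: SAN is critical iff the subject is an empty SEQUENCE` would record why the flag is no longer a constant. The enclosing method starts and ends outside the hunk.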
|
|
|
@ -218,6 +218,7 @@ public class CSRBuilderTest {
|
|||
builder.addIdentifiers(Identifier.dns("ide2.nt"), Identifier.ip("192.168.5.6"));
|
||||
builder.addIdentifiers(Arrays.asList(Identifier.dns("ide3.nt"), Identifier.ip("192.168.5.7")));
|
||||
|
||||
builder.setCommonName("abc.de");
|
||||
builder.setCountry("XX");
|
||||
builder.setLocality("Testville");
|
||||
builder.setOrganization("Testing Co");
|
||||
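Review bot: No assertion visible in this test section checks the criticality flag that the commit changes; the lines shown only populate the builder with identifiers and subject fields. If it is not covered elsewhere, add one case that issues a certificate from a CSR with no subject fields and asserts that `getCriticalExtensionOIDs()` contains the subjectAlternativeName OID `2.5.29.17`, plus one with a subject asserting it appears in `getNonCriticalExtensionOIDs()` instead. The test method starts and ends outside the hunk, so existing assertions further down may already cover part of this.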
|
|