Skip to content

Commit

Permalink
Lowercase CN in all code paths (#6824)
Browse files Browse the repository at this point in the history 
When returning a CN from csr.NamesFromCSR, ensure that we call
strings.ToLower on that name in all return paths. This prevents us from
running into lint failures (and therefore refusing to issue) when an
applicant submits a CSR containing uppercase SANs and no explicit CN.
  • Loading branch information
@aarongable
aarongable authored Apr 17, 2023
1 parent 7c1f101 commit 276978a
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 1 deletion.
2 changes: 1 addition & 1 deletion csr/csr.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ func NamesFromCSR(csr *x509.CertificateRequest) names {
// which is shorter than the the maximum acceptable CN length (if any).
for _, name := range sans {
if len(name) <= maxCNLength {
return names{SANs: core.UniqueLowerNames(sans), CN: name}
return names{SANs: core.UniqueLowerNames(sans), CN: strings.ToLower(name)}
}
}

Expand Down
8 changes: 8 additions & 0 deletions csr/csr_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,14 @@ func TestNamesFromCSR(t *testing.T) {
"a.com",
[]string{"a.com"},
},
{
"no explicit CN, uppercase SAN",
&x509.CertificateRequest{DNSNames: []string{
"A.com",
}},
"a.com",
[]string{"a.com"},
},
{
"no explicit CN, too long leading SANs",
&x509.CertificateRequest{DNSNames: []string{
Expand Down

0 comments on commit 276978a

Please sign in to comment.