add altname to CSR

2024-10-06 10:13:28 +01:00
parent 197e2eb5b1
commit 1a915e91ff
1 changed files with 9 additions and 0 deletions
--- a/pkgs/certifix-client/certifix-client.fnl
+++ b/pkgs/certifix-client/certifix-client.fnl
@@ -3,6 +3,7 @@

 (local ctx (require :openssl.ssl.context))
 (local csr (require :openssl.x509.csr))
+(local altname (require :openssl.x509.altname))
 (local pkey (require :openssl.pkey))
 (local xn (require :openssl.x509.name))

@@ -21,6 +22,13 @@
        (n:add k v)))
    n))

+(fn x509-altname [subj]
+  (let [an (altname.new)]
+    (each [_ c (ipairs (split "," subj))]
+      (let [(k v) (string.match c "(.-)=(.+)")]
+        (if (= k "CN") (an:add "DNS" v))))
+    an))
+
 (fn parse-args [args]
  (case args
    ["--secret" secret & rest]
@@ -49,6 +57,7 @@
  (doto (csr.new)
    (: :setVersion 3)
    (: :setSubject (x509-name options.subject))
+    (: :setSubjectAlt (x509-altname options.subject))
    (: :setPublicKey pk)
    (: :addAttribute :challengePassword [options.secret])
    (: :sign pk)))