Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow multilevel DNS names in SAN #1503

Merged
merged 2 commits into from
Apr 21, 2021
Merged

Allow multilevel DNS names in SAN #1503

merged 2 commits into from
Apr 21, 2021

Conversation

lhannigbrinck
Copy link
Member

@lhannigbrinck lhannigbrinck commented Apr 20, 2021
edited
Loading

What:

Allow more detailed configuration of the subject alternative name (SAN) fields for certificates and certificate requests by adding more environment variables. Also allow multiple values in a single variable separated by ; for more SAN entries of a type.

Why:

For example configuring a DNS name with two level of subdomains is currently not possible currently. This is because of the way the SAN values are split within the single env variable. Configuring a DNS name like subdomainof.subdomain.example.com would result in an ip_address = "subdomainof.subdomain.example.com" entry in the template. This entry is then validated as ipv6 address instead of a DNS name and fails certtool. There may be other errors with the current approach.

How did you test it:

I created multiple self signed certificates and some CSR with different SAN combinations and verified the created SAN values manually.

Checklist:

@lhannigbrinck lhannigbrinck requested a review from a team as a code owner April 20, 2021 15:26
@lhannigbrinck
Replace inaccurate glob splitting for SAN entries
3dc0b34 
The Subject Alternative Name (SAN) environment variable is now split
into multiple variables to prevent any type of glob based typing.
Also allow defining multiple values within an SAN variable separated by
';'.
@lhannigbrinck
Add CHANGELOG entry for multilevel DNS in SAN
303f1e1
nichtsfrei
nichtsfrei requested changes Apr 21, 2021
View reviewed changes
Copy link
Member

@nichtsfrei nichtsfrei left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please resolve conflicts with 21.04 branch

@nichtsfrei nichtsfrei merged commit b2429d2 into greenbone:gvmd-21.04 Apr 21, 2021
@lhannigbrinck lhannigbrinck deleted the subject_alt_name_update branch April 21, 2021 06:54
@lhannigbrinck lhannigbrinck mentioned this pull request Jun 2, 2021
Merged
2 tasks
timopollmeier added a commit that referenced this pull request Jun 3, 2021
@timopollmeier
Merge pull request #1544 from lhannigbrinck/subject_alt_name_update_m…
c8efd3d 
…aster

Allow multilevel DNS names in SAN (Backport #1503)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nichtsfrei nichtsfrei nichtsfrei approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lhannigbrinck @nichtsfrei