From b8aa782dd253f3f695c71dd5fd692080a099ea22 Mon Sep 17 00:00:00 2001
From: Rodolphe Breard
Date: Sun, 28 Apr 2019 12:55:05 +0200
Subject: [PATCH] Use the native openssl methods for SAN construction The openssl crate does support having multiple DNS entries in the SAN extension, there is no need to re-implement it.
---
 acmed/src/acme_proto/certificate.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/acmed/src/acme_proto/certificate.rs b/acmed/src/acme_proto/certificate.rs
index 4a84d78..0a3cf12 100644
--- a/acmed/src/acme_proto/certificate.rs
+++ b/acmed/src/acme_proto/certificate.rs
@@ -42,11 +42,14 @@ pub fn generate_csr(
 priv_key: &PKey,
 pub_key: &PKey,
 ) -> Result {
- let domains = cert.domains.join(", DNS:");
 let mut builder = X509ReqBuilder::new()?;
 builder.set_pubkey(pub_key)?;
 let ctx = builder.x509v3_context(None);
- let san = SubjectAlternativeName::new().dns(&domains).build(&ctx)?;
+ let mut san = SubjectAlternativeName::new();
+ for name in cert.domains.iter() {
+ san.dns(&name);
+ }
+ let san = san.build(&ctx)?;
 let mut ext_stack = Stack::new()?;
 ext_stack.push(san)?;
 builder.add_extensions(&ext_stack)?;
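Review bot: The names from `cert.domains` reach `san.dns()` unvalidated in the new loop, so whether one entry can only ever produce one DNS name depends entirely on how the pinned openssl crate encodes its argument. Some releases of that crate assemble the SAN from a formatted string internally, much as the removed `join(", DNS:")` did (worth confirming for the version in use), so I would reject a bad name before the loop with a check such as `name.is_empty() || name.contains(|c: char| c == ',' || c.is_whitespace())`, returning the function's own error type. An empty `cert.domains` now appears to request a SAN with no entries and deserves the same explicit error. Smaller style point: `name` is already a reference, so `for name in &cert.domains { san.dns(name); }` drops the redundant `&`. `generate_csr` begins above and continues below this hunk.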