GithubHelp home page GithubHelp logo

CSR creation with CN only about acme HOT 5 CLOSED

dol avatar dol commented on August 17, 2024
CSR creation with CN only

from acme.

Comments (5)

kelunik avatar kelunik commented on August 17, 2024

You're right, it could be reduced. The reason I put these values there is that otherwise it would be prefilled with strange values, that might not be the case with the always passed config now anymore.

Are there any known issues when adding additional properties?

from acme.

kelunik avatar kelunik commented on August 17, 2024

I think I will move the CSR generation out of that method anyway with 0.4.0

from acme.

dol avatar dol commented on August 17, 2024

Are there any known issues when adding additional properties?

The only issue I see is that to much information sent to the the ACME server. The current spec states the following:

The CSR encodes the client’s requests with regard to the content of the certificate to be issued. The CSR MUST indicate the requested identifiers, either in the commonName portion of the requested subject name, or in an extensionRequest attribute [RFC2985] requesting a subjectAltName extension.

If you extract the CSR generation a little hint. The CSR generation could also be done with a environment variable (kind of a strange thing built into the core of OpenSSL, but avoids the need of generating a temporary file). See https://gist.github.com/dol/e0b7f084e2e7158efc87 as an example.
An other hint. When using heredoc notation, I prefer the nowdoc notation to prevent possible inclusion of PHP variables. Most of the time heredoc ist just fine. It's only a security precaution.

from acme.

kelunik avatar kelunik commented on August 17, 2024

The current spec states the following

It doesn't say anything about additional fields.

See https://gist.github.com/dol/e0b7f084e2e7158efc87 as an example.

That's really strange, don't know which method I prefer.

An other hint. When using heredoc notation, I prefer the nowdoc notation to prevent possible inclusion of PHP variables. Most of the time heredoc ist just fine. It's only a security precaution.

Don't know which editor / IDE you use, but mine highlights variables in there, so accidental inclusion isn't that likely to happen. Additionally, it would also throw a notice because of undefined variables probably. :-)

from acme.

dol avatar dol commented on August 17, 2024

It's a matter of taste. Can't argue with that. ;-)

from acme.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.