Skip to content

ACM-PCA: Add SAN extension passthrough from CSR #8894

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 20, 2025
Merged

ACM-PCA: Add SAN extension passthrough from CSR #8894

merged 1 commit into from
May 20, 2025

Conversation

viren-nadkarni
Copy link
Contributor

@viren-nadkarni viren-nadkarni commented May 13, 2025
edited
Loading

This PR adds Subject Alternative Name (SAN) passthrough from Certificate Signing Request (CSR) to the generated certificate. This allows the user to request any SAN extension: RFC822, Directory, URI etc.

This also fixes a misconfiguration in certificate generation where the DNS SAN extension was added if CN was set. In fact, the correct approach is to pass-through SAN extensions as set in the CSR. This is true for all templates (we don't support the API pass-through i.e. the ApiPassthrough parameter)

@codecov Codecov
Copy link

codecov bot commented May 13, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.85%. Comparing base (1b21804) to head (b9eba3d).
Report is 543 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #8894      +/-   ##
==========================================
- Coverage   94.56%   92.85%   -1.71%     
==========================================
  Files        1158     1282     +124     
  Lines      100579   111879   +11300     
==========================================
+ Hits        95109   103887    +8778     
- Misses       5470     7992    +2522
Flag Coverage Δ
servertests 27.96% <25.00%> (-0.91%) ⬇️
unittests 92.83% <100.00%> (-1.71%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@viren-nadkarni viren-nadkarni marked this pull request as ready for review May 14, 2025 06:47
bblommers
bblommers approved these changes May 20, 2025
View reviewed changes
Copy link
Collaborator

@bblommers bblommers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - thanks @viren-nadkarni!

@bblommers bblommers added this to the 5.1.5 milestone May 20, 2025
@bblommers bblommers merged commit 6624d67 into getmoto:master May 20, 2025
51 of 57 checks passed
@viren-nadkarni viren-nadkarni mentioned this pull request May 21, 2025
Merged
2 tasks
@viren-nadkarni viren-nadkarni deleted the acm-pca-san branch May 21, 2025 12:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bblommers bblommers bblommers approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
5.1.5
Development

Successfully merging this pull request may close these issues.
2 participants
@viren-nadkarni @bblommers