
Retain Order of Domains

Open zx2c4 opened this issue 9 years ago • 4 comments

For certificates that authenticate multiple sites, I'd like to specify which domain goes in the CN field. This should probably be the first -d domain specified. But since simp_le uses a dictionary, the ordering provided by the user is lost.

Could you have the ordering of -d be preserved, or add another switch to specify explicitly which domain should be in the CN?

Thanks.

zx2c4 avatar Feb 09 '16 13:02 zx2c4

It should be enough to change the dict in https://github.com/kuba/simp_le/blob/master/simp_le.py#L1273 to an OrderedDict.

trunneml avatar Feb 21 '16 16:02 trunneml

FWIW, if there is a domain name SAN, then the contents of the CN are (should be) ignored: this is mentioned in RFC2818 (section 3.1), and also in RFC6125 (section 6.4.4).

Also, I think the ordering of the entries in the SAN list is fixed by the DER encoding rules for SETs.

I think that, between those two things, it would make more sense to simply have an option to specify the contents of the CN, or perhaps the entire subject distinguished name. If you have web clients from the 1990s that require a hostname there, you can specify the one you like.

wiml avatar Feb 21 '16 23:02 wiml
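
The rule cited in the comment above (RFC 6125 section 6.4.4: when a certificate carries a dNSName SAN, the CN is not consulted for hostname checks), as an added example that is not part of the thread or of simp_le. It assumes certificates in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, considers only DNS-type SAN entries, and uses constructed sample names; the function names are hypothetical.

```python
# Added example: CN fallback rule from RFC 6125 section 6.4.4.
# Certificates are dicts in the shape returned by ssl.SSLSocket.getpeercert().

def _label_match(pattern: str, hostname: str) -> bool:
    """Match one presented name; '*' is allowed only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Wildcard covers exactly one label and needs two fixed labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def identifiers_checked(cert: dict) -> tuple:
    """Return (source, names): the names a verifier may compare against."""
    dns_sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_sans:
        # Any dNSName SAN present: the CN must not be consulted at all.
        return "SAN", dns_sans
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return "CN", cns


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if hostname matches one of the names selected by identifiers_checked()."""
    _, names = identifiers_checked(cert)
    return any(_label_match(n, hostname) for n in names)


# Constructed sample certificates (not real): same CN, with and without SANs.
MULTI_SAN = {
    "subject": ((("commonName", "legacy.example.org"),),),
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "*.api.example.org")),
}
CN_ONLY = {"subject": ((("commonName", "legacy.example.org"),),)}

if __name__ == "__main__":
    for host in ("www.example.org", "legacy.example.org", "v1.api.example.org"):
        print(host, hostname_matches(MULTI_SAN, host), hostname_matches(CN_ONLY, host))
```

With `MULTI_SAN`, the CN value `legacy.example.org` does not validate because it is absent from the SAN list, so a name placed only in the CN of a multi-domain certificate is not accepted by a verifier that follows this rule.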

Either way works well for me. I think I like the idea of having an explicit option the best though.

zx2c4 avatar Feb 21 '16 23:02 zx2c4

This will be WONTFIX obsolete as of #105.

kuba avatar Apr 17 '16 21:04 kuba