Allow client to include aliases in enrollment request

[bensallen]

Allow the client to include multiple alias hostnames in its enrollment request, where the additional hostnames are added as aliases in known_hosts output. This will be useful for multi-homed clients. The aliases should be validated against the client SSL cert.

[mcpherrinm]

👍

[christodenny]

What's recommended? Should different aliases all be submitted in the url or in a header tag?

[bensallen]

@christodenny The body could be changed to JSON and the client's pub key and aliases marshaled. Otherwise I'd say a header tag sounds cleaner than using the URL.

[mcpherrinm]

I would tend to prefer just putting them in the URL, but headers or JSON could be fine too.

If I have a spare moment, I might get to this task this week or the next.

We're going to add a server-side configuration too, where a hardcoded mapping of hosts => aliases can be added (we have a small-ish number of ones that aren't on TLS certs, so that's the easiest bodge for us)

[bensallen]

For passing aliases via the URL, do you imagine that we'd join the list of aliases on a given separator? Then pass the joined list as a single variable in the URL, or is there a more clever way todo this?