Add option to disable owner email address in CSR subject (#939)
This commit is contained in:
parent
4cfb621423
commit
ec5dec4a16
@ -83,6 +83,12 @@ Basic Configuration
|
||||
Take care to write patterns in such way to not allow the `*` wildcard character inadvertently. To match a `.`
|
||||
character, it must be escaped (as `\.`).
|
||||
|
||||
.. data:: LEMUR_OWNER_EMAIL_IN_SUBJECT
|
||||
:noindex:
|
||||
|
||||
By default, Lemur will add the certificate owner's email address to certificate subject (for CAs that allow it).
|
||||
Set this to `False` to disable this.
|
||||
|
||||
.. data:: LEMUR_TOKEN_SECRET
|
||||
:noindex:
|
||||
|
||||
|
@ -344,8 +344,9 @@ def create_csr(**csr_config):
|
||||
private_key = generate_private_key(csr_config.get('key_type'))
|
||||
|
||||
builder = x509.CertificateSigningRequestBuilder()
|
||||
name_list = [x509.NameAttribute(x509.OID_COMMON_NAME, csr_config['common_name']),
|
||||
x509.NameAttribute(x509.OID_EMAIL_ADDRESS, csr_config['owner'])]
|
||||
name_list = [x509.NameAttribute(x509.OID_COMMON_NAME, csr_config['common_name'])]
|
||||
if current_app.config.get('LEMUR_OWNER_EMAIL_IN_SUBJECT', True):
|
||||
name_list.append(x509.NameAttribute(x509.OID_EMAIL_ADDRESS, csr_config['owner']))
|
||||
if 'organization' in csr_config and csr_config['organization'].strip():
|
||||
name_list.append(x509.NameAttribute(x509.OID_ORGANIZATION_NAME, csr_config['organization']))
|
||||
if 'organizational_unit' in csr_config and csr_config['organizational_unit'].strip():
|
||||
|
Loading…
Reference in New Issue
Block a user