Cryptographic Sprig functions (e.g., genSelfSignedCert, genSelfSignedCertWithKey, etc.) currently support clients passing in optional lists of IPs and alternate DNS names.
I propose that these same cryptographic functions may also support clients passing in subject alternative URIs.
The crypto x509 package's Certificate (which Sprig relies on) supports specifying URI subject alternative names, as written in RFC5280:
The subject alternative name extension allows identities to be bound
to the subject of the certificate. These identities may be included
in addition to or in place of the identity in the subject field of
the certificate. Defined options include an Internet electronic mail
address, a DNS name, an IP address, and a Uniform Resource Identifier
(URI).
URIs are essential to the SPIFFE standard, where:
I'm happy to submit a PR for consideration and to start a discussion around this.
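For reference, the `crypto/x509` support the issue points to, as an added example (not code from the issue or from Sprig): a self-signed certificate is issued with DNS, IP and URI SANs and parsed back. The helper name `selfSignedWithSANs` and the sample names, address and SPIFFE ID are assumptions constructed for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"net/url"
	"time"
)

// selfSignedWithSANs is a hypothetical helper, not a Sprig function: it issues a
// self-signed cert with IP, DNS and URI SANs and returns it re-parsed from DER.
func selfSignedWithSANs(cn string, ips []net.IP, dns, uris []string) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), // fixed serial: acceptable only for a demo
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     dns,
		IPAddresses:  ips,
	}
	for _, s := range uris {
		u, err := url.Parse(s)
		if err != nil || !u.IsAbs() { // RFC 5280: a URI SAN must not be relative
			return nil, fmt.Errorf("invalid URI SAN %q", s)
		}
		tmpl.URIs = append(tmpl.URIs, u) // encoded as uniformResourceIdentifier
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := selfSignedWithSANs("web", []net.IP{net.ParseIP("10.0.0.1")}, []string{"web.example.org"}, []string{"spiffe://example.org/ns/default/sa/web"}) // constructed inputs
	if err != nil {
		panic(err)
	}
	fmt.Println("URI SANs:", cert.URIs)
}
```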