letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ceremony: allow shortening of Subject Organization Name

This commit is contained in:
Aaron Gable 2025-07-16 18:48:34 -07:00
parent d9849d63d7
commit c47271be39
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cmd/ceremony/main.go
View File

@ -771,8 +771,10 @@ func crossCertCeremony(configBytes []byte) error {
return fmt.Errorf("lint cert and toBeCrossSigned cert EKUs differ") return fmt.Errorf("lint cert and toBeCrossSigned cert EKUs differ")
} }
if len(lintCert.ExtKeyUsage) == 0 { if len(lintCert.ExtKeyUsage) == 0 {
// "Unrestricted" case, the issuer and subject need to be the same or at least affiliates. // In the "Unrestricted" case, the issuer and subject organizations need to be the same...
if !slices.Equal(lintCert.Subject.Organization, issuer.Subject.Organization) { if !slices.Equal(lintCert.Subject.Organization, issuer.Subject.Organization) && !(
// ...or at least affiliates.
slices.Equal(issuer.Subject.Organization, []string{"Internet Security Research Group"}) && slices.Equal(lintCert.Subject.Organization, []string{"ISRG"})) {
return fmt.Errorf("attempted unrestricted cross-sign of certificate operated by a different organization") return fmt.Errorf("attempted unrestricted cross-sign of certificate operated by a different organization")
} }
} }