cryptutil: generate certificates from deriveca

Caleb Doxsey 2023-02-17 18:54:45 -07:00
parent b13afc7b0c
commit 91fca06397
8 changed files with 28 additions and 62 deletions


@ -83,7 +83,7 @@ func CAFromPEM(p PEM) (*CA, string, error) {
}
// NewServerCert generates certificate for the given domain name(s)
func (ca *CA) NewServerCert(domains []string) (*PEM, error) {
func (ca *CA) NewServerCert(domains []string, configure ...func(*x509.Certificate)) (*PEM, error) {
key, err := deriveKey(newReader(readerTypeServerPrivateKey, ca.psk, domains...))
if err != nil {
return nil, fmt.Errorf("derive key: %w", err)
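Review bot: The doc comment on `NewServerCert` still describes only the domain argument, although the new signature accepts `configure ...func(*x509.Certificate)`. The callbacks run on the finished template just before `x509.CreateCertificate` (the loop appears further down this page), so a caller can change any field, including `IsCA`, `KeyUsage` and the validity window; I would say so in the comment, e.g. `// configure callbacks run on the template before signing and may override any field; pass only trusted functions.` The key reader and the reader handed to `x509.CreateCertificate` are both seeded from `ca.psk` and `domains` alone, so two calls with the same domains and different callbacks can now yield different certificates over the same key, which is worth confirming as intended. A nil entry in `configure` would panic in that loop, so `if f != nil { f(tmpl) }` is a cheap guard. The function body continues outside this hunk.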
@ -93,6 +93,9 @@ func (ca *CA) NewServerCert(domains []string) (*PEM, error) {
if err != nil {
return nil, fmt.Errorf("cert template: %w", err)
}
for _, f := range configure {
f(tmpl)
}
cert, err := x509.CreateCertificate(
newReader(readerTypeServerCertificate, ca.psk, domains...),