acme: fill Subject CN field in the tls-sni challenge certs This is purely for debugging purposes, where an external system may have a lookup mechanism based on Common Name. Change-Id: I50b64ccf82e67fe8a0074a6f9b57e8cf102f1bb3 Reviewed-on: https://go-review.googlesource.com/71130 Run-TryBot: Alex Vaghin <ddos@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>

commit: 959b3afb35f6a769732990dceca09da087ee47f5 [log] [tgz]
author: Alex Vaghin <ddos@google.com> Mon Oct 16 15:58:10 2017 +0200
committer: Adam Langley <agl@golang.org> Thu Oct 19 14:22:11 2017 +0000
tree: cab4a965a0b38878e0b87350b6ff210739b348d4
parent: ed5229da99e3a6df35c756cd64b6982d19505d86 [diff] [blame]
diff --git a/acme/acme.go b/acme/acme.go
index e8388b0..60dbb11 100644
--- a/acme/acme.go
+++ b/acme/acme.go

@@ -995,6 +995,7 @@
 
 // tlsChallengeCert creates a temporary certificate for TLS-SNI challenges
 // with the given SANs and auto-generated public/private key pair.
+// The Subject Common Name is set to the first SAN to aid debugging.
 // To create a cert with a custom key pair, specify WithKey option.
 func tlsChallengeCert(san []string, opt []CertOption) (tls.Certificate, error) {
 	var (
@@ -1033,6 +1034,9 @@
 		}
 	}
 	tmpl.DNSNames = san
+	if len(san) > 0 {
+		tmpl.Subject.CommonName = san[0]
+	}
 
 	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
 	if err != nil {
commit	959b3afb35f6a769732990dceca09da087ee47f5	[log] [tgz]
author	Alex Vaghin <ddos@google.com>	Mon Oct 16 15:58:10 2017 +0200
committer	Adam Langley <agl@golang.org>	Thu Oct 19 14:22:11 2017 +0000
tree	cab4a965a0b38878e0b87350b6ff210739b348d4
parent	ed5229da99e3a6df35c756cd64b6982d19505d86 [diff] [blame]