Commit f7b0885a authored by Markus Wigge's avatar Markus Wigge

Fix nameConstraints to allow subdomains.

According to https://tools.ietf.org/html/rfc5280#section-4.2.1.10 the
DNS name should be prefixed with a leading "." to allow hosts and
subdomains based on that name.
parent 81dabe74
......@@ -130,7 +130,7 @@ get_openssl_name_constraints_directive () {
local name_constraints
case "${config['name_constraints']}" in
true|True)
name_constraints="nameConstraints = critical, permitted;DNS:${config_domain}"
name_constraints="nameConstraints = critical, permitted;DNS:.${config_domain}"
;;
false|False)
name_constraints=""
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment