-
Notifications
You must be signed in to change notification settings - Fork 6.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for x509 SubjectAltName identification #65626
Add support for x509 SubjectAltName identification #65626
Conversation
This is an automated comment for commit b1b9aaf with description of existing statuses. It's updated for the latest CI running ❌ Click here to open a full report in a separate page
Successful checks
|
fd54874
to
93683c4
Compare
bcaf745
to
e537b7d
Compare
aeaf92e
to
a30820b
Compare
a30820b
to
b1b9aaf
Compare
@thevar1able thanks for taking a look at my PR. Does the overall approach look OK to you?
|
@tonickkozlov yep overall looks OK, I'll make another pass today. I will check the test as well. |
138eb92
Currently only CommonName of an X.509 certificate can be used to validate identity of a user.
This change extends support to include SubjectAltName extension as well.
With this change, a user can be defined as as
Then a user would need to present the following info in its TLS certificate:
Few caveats:
Changelog category (leave one):
Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):
Add support for user identification based on x509 SubjectAltName extension.
Documentation entry for user-facing changes
CI Settings (Only check the boxes if you know what you are doing):