case of no SANs and common name not a valid domain

serverless-ca · Feb 6, 2024 · 7537f35 · 7537f35
1 parent 2825583
commit 7537f35
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/modules/terraform-aws-ca-lambda/utils/certs/crypto.py b/modules/terraform-aws-ca-lambda/utils/certs/crypto.py
@@ -27,11 +27,18 @@ def crypto_ca_key_info(public_key, kms_key_id, common_name):
 
 
 def crypto_cert_request_info(csr_cert, common_name, lifetime, sans):
+    # no SANs and common name is not a valid domain
+    if (sans is None or sans == []) and not domain_validator(common_name):
+        sans = []
 
+    # no SANs and common name is a valid domain
     if (sans is None or sans == []) and domain_validator(common_name):
         sans = [common_name]
 
+    # remove invalid SANs
     sans = [s for s in sans if domain_validator(s)]
+
+    # convert to x509 cryptography format
     x509_sans = []
     for san in sans:
         x509_sans.append(x509.DNSName(san))