Disable Common Name for IP ACME certificates

2026-04-02 12:57:26 +02:00
parent 24cb6694d0
commit 2d058986e1
1 changed files with 11 additions and 0 deletions
--- a/tribes/services/lego.scm
+++ b/tribes/services/lego.scm
@@ -86,6 +86,14 @@
      (string-append "IP:" subject)
      (string-append "DNS:" subject)))

+(define (ip-subject? subject)
+  (and (not (string-any char-alphabetic? subject))
+       (string-any (lambda (chr)
+                     (or (char-numeric? chr)
+                         (char=? chr #\.)
+                         (char=? chr #\:)))
+                   subject)))
+
 (define (certificate-key-name certificate)
  (string-map (lambda (chr)
                (if (char=? chr #\*)
@@ -121,6 +129,9 @@
     (if server
         (list "--server" server)
         '())
+     (if (any ip-subject? subjects)
+         (list "--disable-cn")
+         '())
     (list "--key-type" key-type)
     (append-map (lambda (subject)
                   (list "-d" subject))