View definition

(*RegistrationAuthorityImpl).MatchesCSR

Defined in github.com/letsencrypt/boulder/ra/ra.go

Description

MatchesCSR tests the contents of a generated certificate to make sure that the PublicKey, CommonName, and DNSNames match those provided in the CSR that was used to generate the certificate. It also checks the following fields for:

* notBefore is not more than 24 hours ago
* BasicConstraintsValid is true
* IsCA is false
* ExtKeyUsage only contains ExtKeyUsageServerAuth & ExtKeyUsageClientAuth
* Subject only contains CommonName & Names

MatchesCSR is referenced in 1 repository

github.com/letsencrypt/boulder