starred/mkcert

Fork 0

mirror of https://github.com/FiloSottile/mkcert.git synced 2026-04-25 13:36:02 +03:00

[GH-ISSUE #318] Cannot sign csr get panic error #204

New issue

Closed

opened 2026-02-25 22:32:51 +03:00 by kerem · 5 comments

kerem commented

2026-02-25 22:32:51 +03:00

Owner

Originally created by @symgryph on GitHub (Dec 3, 2020).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/318

I generated a csr on an appliance I use, and when I use the following:

mkcert -csr my.test.csr

I get:


goroutine 1 [running]:
main.(*mkcert).fileNames(0xc000155f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x121fc40, 0xc000066300, 0xc00042c000, 0x46b)
	/private/tmp/mkcert-20201126-82459-i1bflq/mkcert-1.4.3/src/github.com/FiloSottile/mkcert/cert.go:177 +0x3cc
main.(*mkcert).makeCertFromCSR(0xc000155f00)
	/private/tmp/mkcert-20201126-82459-i1bflq/mkcert-1.4.3/src/github.com/FiloSottile/mkcert/cert.go:266 +0x7c8
main.(*mkcert).Run(0xc000155f00, 0xc0000121d0, 0x0, 0x0)
	/private/tmp/mkcert-20201126-82459-i1bflq/mkcert-1.4.3/src/github.com/FiloSottile/mkcert/main.go:203 +0x64a
main.main()
	/private/tmp/mkcert-20201126-82459-i1bflq/mkcert-1.4.3/src/github.com/FiloSottile/mkcert/main.go:145 +0x851

Originally created by @symgryph on GitHub (Dec 3, 2020). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/318 I generated a csr on an appliance I use, and when I use the following: ``` mkcert -csr my.test.csr ``` I get: ``` goroutine 1 [running]: main.(*mkcert).fileNames(0xc000155f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x121fc40, 0xc000066300, 0xc00042c000, 0x46b) /private/tmp/mkcert-20201126-82459-i1bflq/mkcert-1.4.3/src/github.com/FiloSottile/mkcert/cert.go:177 +0x3cc main.(*mkcert).makeCertFromCSR(0xc000155f00) /private/tmp/mkcert-20201126-82459-i1bflq/mkcert-1.4.3/src/github.com/FiloSottile/mkcert/cert.go:266 +0x7c8 main.(*mkcert).Run(0xc000155f00, 0xc0000121d0, 0x0, 0x0) /private/tmp/mkcert-20201126-82459-i1bflq/mkcert-1.4.3/src/github.com/FiloSottile/mkcert/main.go:203 +0x64a main.main() /private/tmp/mkcert-20201126-82459-i1bflq/mkcert-1.4.3/src/github.com/FiloSottile/mkcert/main.go:145 +0x851 ```

kerem closed this issue

2026-02-25 22:32:51 +03:00

kerem commented

2026-02-25 22:32:51 +03:00

Author

Owner

@Vaka82 commented on GitHub (Dec 7, 2020):

Same issue - Any suggestions..?

@Vaka82 commented on GitHub (Dec 7, 2020): Same issue - Any suggestions..?

kerem commented

2026-02-25 22:32:51 +03:00

Author

Owner

@Vaka82 commented on GitHub (Dec 8, 2020):

It's panicking @ the below code as hosts slice is empty -

Adding this before that fileNames call seem to fix this issue for me.

if len(hosts) == 0 {
hosts = []string{csr.Subject.CommonName}
}

certFile, _, _ := m.fileNames(hosts)

@Vaka82 commented on GitHub (Dec 8, 2020): It's panicking @ the below code as hosts slice is empty - ![image](https://user-images.githubusercontent.com/3131980/101522389-be6c5300-394c-11eb-90ff-1a8405412894.png) Adding this before that fileNames call seem to fix this issue for me. **if len(hosts) == 0 { hosts = []string{csr.Subject.CommonName} }** certFile, _, _ := m.fileNames(hosts)

kerem commented

2026-02-25 22:32:51 +03:00

Author

Owner

@gergelyzs commented on GitHub (Feb 24, 2021):

i have found the same issue. I believe it is because the CSR has no SAN. If you can modify your CSR, it's easy enough to circumvent. I seem to remember that having no SAN is deprecated, so this is not entirely unexpected. For me, the CSR is coming from an old iDRAC, so no way I can change it.

Fix works because it reads the CN. @Vaka82 care to make a PR?

@gergelyzs commented on GitHub (Feb 24, 2021): i have found the same issue. I believe it is because the CSR has no SAN. If you can modify your CSR, it's easy enough to circumvent. I seem to remember that having no SAN is deprecated, so this is not entirely unexpected. For me, the CSR is coming from an old iDRAC, so no way I can change it. Fix works because it reads the CN. @Vaka82 care to make a PR?

kerem commented

2026-02-25 22:32:51 +03:00

Author

Owner

@adippel commented on GitHub (Nov 4, 2021):

+1 encountered this just recently. dont know if using CN is the right way since using CN for domain names is not the right way. At least replacing the meaningless panic is a must.

@adippel commented on GitHub (Nov 4, 2021): +1 encountered this just recently. dont know if using CN is the right way since using CN for domain names is not the right way. At least replacing the meaningless panic is a must.

kerem commented

2026-02-25 22:32:51 +03:00

Author

Owner

@FiloSottile commented on GitHub (Apr 25, 2022):

Fixed, thank you for the report. The feature to use the CN if there were no SANs was already there, but then it was trying to print the hosts from the CSR instead of the generated certificate.

@FiloSottile commented on GitHub (Apr 25, 2022): Fixed, thank you for the report. The feature to use the CN if there were no SANs was already there, but then it was trying to print the hosts from the CSR instead of the generated certificate.