setCommonName() sets CN only

shred · Nov 24, 2023 · 50a7425 · 50a7425
1 parent 278f9bd
commit 50a7425
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 7 deletions.
diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/util/CSRBuilder.java b/acme4j-client/src/main/java/org/shredzone/acme4j/util/CSRBuilder.java
@@ -64,18 +64,17 @@ public class CSRBuilder {
     private final List<String> namelist = new ArrayList<>();
     private final List<InetAddress> iplist = new ArrayList<>();
     private @Nullable PKCS10CertificationRequest csr = null;
-    
+
     /**
-     * Adds a domain name to the CSR. The first domain name added will also be the
-     * <em>Common Name</em>. All domain names will be added as <em>Subject Alternative
-     * Name</em>.
+     * Adds a domain name to the CSR. All domain names will be added as <em>Subject
+     * Alternative Name</em>.
      * <p>
      * IDN domain names are ACE encoded automatically.
      * <p>
      * For wildcard certificates, the domain name must be prefixed with {@code "*."}.
      *
      * @param domain
-     *            Domain name to add
+     *         Domain name to add
      */
     public void addDomain(String domain) {
         namelist.add(toAce(requireNonNull(domain)));
@@ -218,12 +217,14 @@ public void addValue(ASN1ObjectIdentifier oid, String value) {
     }
 
     /**
-     * Sets the common name
+     * Sets the common name.
      * <p>
      * Note that it is at the discretion of the ACME server to accept this parameter.
+     *
+     * @since 3.2.0
      */
     public void setCommonName(String cn) {
-        addValue(BCStyle.CN, cn);
+        namebuilder.addRDN(BCStyle.CN, requireNonNull(cn));
     }
 
     /**

diff --git a/src/doc/docs/migration.md b/src/doc/docs/migration.md
@@ -2,6 +2,10 @@
 
 This document will help you migrate your code to the latest _acme4j_ version.
 
+## Migration to Version 3.2.0
+
+- Starting with this version, the `CSRBuilder` won't add the first domain as common name automatically. This permits the issuance of very long domain names, and should have no negative impact otherwise, as this field is usually ignored by CAs anyway. If you should encounter a problem here, you can use `CSRBuilder.setCommonName()` to set the first domain as common name manually. Discussion see [here](https://community.letsencrypt.org/t/questions-re-simplifying-issuance-for-very-long-domain-names/207925/11).
+
 ## Migration to Version 3.0.0
 
 Although acme4j has made a major version bump, the migration of your code should be done in a few minutes for most of you.