Skip to content

[Docs]: webhook.X509CertificateRequest and webhook.X509Certificate: is it safe to check only SANs, ignoring DNSNames, EmailAddresses, IPAddresses, URLs ? #2612

New issue
New issue
Open
Open
[Docs]: webhook.X509CertificateRequest and webhook.X509Certificate: is it safe to check only SANs, ignoring DNSNames, EmailAddresses, IPAddresses, URLs ?#2612
Labels
needs triageWaiting for discussion / prioritization by team
@filimonic

Description

@filimonic
filimonic
opened on Mar 21, 2026

Hello!

I'm trying to write a webhook for x509 certificates, using
webhook.X509CertificateRequest and webhook.X509Certificate.

Is it safe to check only SANs field, ignoring DNSNames, EmailAddresses, IPAddresses, URLs ?
Do I need to check if all SANs with type dns are listed in DNSNames, and vice-versa?

Metadata

Metadata

Assignees

No one assigned

    Labels

    needs triageWaiting for discussion / prioritization by team

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions