From 50f78b8afbe48de4374b9c3f92c232d109e4ff95 Mon Sep 17 00:00:00 2001
From: Seth Schoen <schoen@eff.org>
Date: Thu, 31 May 2012 20:10:46 -0700
Subject: [PATCH] check goodness of cn field

---
 webserver/chocolate.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/webserver/chocolate.py b/webserver/chocolate.py
index 0bcd862d8..f1bce6c38 100755
--- a/webserver/chocolate.py
+++ b/webserver/chocolate.py
@@ -140,7 +140,10 @@ class index:
         if not CSR.csr_goodkey(csr):
             self.die(r, r.UnsafeKey, nonce)
             return
-        # TODO: check goodness of cn field
+        if not CSR.can_sign(CSR.cn(csr)):
+            self.die(r, r.CannotIssueThatName, nonce)
+            return
+        # TODO: check goodness of subjectAltName fields!
         self.sessions.make_request(self.session, (nonce, CSR.cn(csr), csr))
         r.proceed.timestamp = int(time.time())
         r.proceed.polldelay = 10