Feat: Implemented SUDO Department & API Key, CA Serial

2026-03-08 18:10:26 +05:45
parent ff976ee1cc
commit f334000da3
16 changed files with 911 additions and 5 deletions
@@ -288,6 +288,12 @@ class SSHCASigningService:
                else:
                    extensions = []  # host certs: no extensions

+            # OpenSSH (RFC 4251 §5) and golang.org/x/crypto/ssh require
+            # certificate extensions to be in strict lexical (alphabetical) order.
+            # Sort unconditionally so any caller-supplied or policy-derived list
+            # is guaranteed to be compliant.
+            extensions = sorted(extensions)
+
            certificate.fields.extensions = extensions
            certificate.fields.critical_options = signing_request.critical_options or {}