Random SAN ordering?


#1

I am seeing occasional certificates where the issued certificate lists its SANs in an apparently random order; it’s not alphabetical, nor does it follow the order specified in the CSR. Does anyone know why this would occur?


#2

The answer is probably somewhere in this code:

https://github.com/letsencrypt/boulder/blob/master/ca/certificate-authority.go#L275

A few lines below the above it says something about reordering:

https://github.com/letsencrypt/boulder/blob/master/ca/certificate-authority.go#L292

And the function in question most likely the culprit for the reordering:


#3

Don’t have enough Go knowledge myself to begin to fix that, so I opened a ticket; #1469 on Github, since I can’t create additional links at this time?