From 51b58b5213b4f0e47bbc568ee1ede78edb46ae1a Mon Sep 17 00:00:00 2001
From: JM <13242860+jmdelafe@users.noreply.github.com>
Date: Mon, 18 Aug 2025 14:21:21 -0400
Subject: [PATCH] BUG/MINOR: cert-info: enhance leaf certificate selection to include DNS names

Extending the logic to check if both CommonName or SubjectAlternativeNames are not empty. This fixes the cases where names are too long and have no CN but only SAN.
---
 storage/cert-info.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/storage/cert-info.go b/storage/cert-info.go
index 8a33b716..1a294f79 100644
--- a/storage/cert-info.go
+++ b/storage/cert-info.go
@@ -160,7 +160,7 @@ func findLeafCertificate(certs []*x509.Certificate) (*x509.Certificate, error) {
 // Find the starting certificate (a certificate whose issuer is not in the list)
 for _, cert := range certs {
- if !cert.IsCA && cert.Subject.CommonName != "" && !isIssuer[cert.Subject.String()] {
+ if !cert.IsCA && (cert.Subject.CommonName != "" || len(cert.DNSNames) != 0) && !isIssuer[cert.Subject.String()] {
 return cert, nil
 }
 }
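Review bot: The widened name test in the `if` inside `for _, cert := range certs` accepts only DNS-type SANs, so a leaf with an empty CommonName whose SANs are IP addresses or URIs is still skipped and falls through to whatever the function does when no leaf matches; consider `(cert.Subject.CommonName != "" || len(cert.DNSNames) != 0 || len(cert.IPAddresses) != 0 || len(cert.URIs) != 0)`. SAN-only certificates often carry an entirely empty subject, in which case `cert.Subject.String()` is `""` and the `isIssuer` lookup keys on the empty string; how `isIssuer` is populated is outside this hunk, so it is worth confirming that an empty-subject leaf cannot collide with another entry and be wrongly excluded. A short comment on the condition, e.g. `// a leaf may carry its names only in the SAN extension (empty CN)`, would record why the CN test alone was not enough. findLeafCertificate starts and ends outside the hunk.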