Option to enable PermittedDNSDomains #26
Description
Hi!
Would you accept a PR that adds an option to fill in PermittedDNSDomains?
I verified it works if I just add 2 lines to the template:
PermittedDNSDomainsCritical: true,
PermittedDNSDomains: []string{".local", ".me.dev"},
Then if I try to generate a cert for google.com it fails validation:
$ ./minica -domains google.com
$ openssl verify -CAfile minica.pem google.com/cert.pem
CN = google.com
error 47 at 0 depth lookup: permitted subtree violation
error google.com/cert.pem: verification failed
It'll take a bunch of changes to pass a new CLI option all the way up to makeRootCert