From ea8260d0d96a7c3b13558f64f92ff0094ee62140 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Sun, 25 Oct 2020 17:59:00 +0100
Subject: [PATCH] Accept "NEW CERTIFICATE REQUEST" PEM headers

Fixes #301
---
 cert.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/cert.go b/cert.go
index e4c5d7c..02176d3 100644
--- a/cert.go
+++ b/cert.go
@@ -63,7 +63,7 @@ func (m *mkcert) makeCert(hosts []string) {
 			OrganizationalUnit: []string{userAndHostname},
 		},
 
-		NotAfter:  time.Now().AddDate(10, 0, 0),
+		NotAfter: time.Now().AddDate(10, 0, 0),
 
 		// Fix the notBefore to temporarily bypass macOS Catalina's limit on
 		// certificate lifespan. Once mkcert provides an ACME server, automation
@@ -208,7 +208,8 @@ func (m *mkcert) makeCertFromCSR() {
 	if csrPEM == nil {
 		log.Fatalln("ERROR: failed to read the CSR: unexpected content")
 	}
-	if csrPEM.Type != "CERTIFICATE REQUEST" {
+	if csrPEM.Type != "CERTIFICATE REQUEST" &&
+		csrPEM.Type != "NEW CERTIFICATE REQUEST" {
 		log.Fatalln("ERROR: failed to read the CSR: expected CERTIFICATE REQUEST, got " + csrPEM.Type)
 	}
 	csr, err := x509.ParseCertificateRequest(csrPEM.Bytes)