luxolus/open-consul
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity
open-consul/agent/connect
History
R.B. Boyer c3d5a2a5ab
connect/ca: cease including the common name field in generated certs (#10424) 
As part of this change, we ensure that the SAN extensions are marked as
critical when the subject is empty so that AWS PCA tolerates the loss of
common names well and continues to function as a Connect CA provider.

Parts of this currently hack around a bug in crypto/x509 and can be
removed after https://go-review.googlesource.com/c/go/+/329129 lands in
a Go release.

Note: the AWS PCA tests do not run automatically, but the following
passed locally for me:

    ENABLE_AWS_PCA_TESTS=1 go test ./agent/connect/ca -run TestAWS
2021-06-25 13:00:00 -05:00
..
ca connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00
authz.go Replace CertURI.Authorize() calls. 2021-03-15 18:06:04 -06:00
authz_test.go Replace CertURI.Authorize() calls. 2021-03-15 18:06:04 -06:00
common_names.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00
csr.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00
generate.go connect: add validations around intermediate cert ttl (#7213) 2020-02-11 00:05:49 +01:00
generate_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
parsing.go Fix support for RSA CA keys in Connect. (#6638) 2019-11-01 13:20:26 +00:00
sni.go connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340) 2019-08-19 13:03:03 -05:00
sni_test.go connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340) 2019-08-19 13:03:03 -05:00
testing_ca.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00
testing_ca_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
testing_spiffe.go connect: Add logic for updating secondary DC intermediate on config set 2020-11-13 14:33:44 -08:00
uri.go Replace CertURI.Authorize() calls. 2021-03-15 18:06:04 -06:00
uri_agent.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00
uri_agent_test.go Replace CertURI.Authorize() calls. 2021-03-15 18:06:04 -06:00
uri_service.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00
uri_service_oss.go Fix a couple bugs regarding intentions with namespaces (#7169) 2020-01-29 17:30:38 -05:00
uri_signing.go Replace CertURI.Authorize() calls. 2021-03-15 18:06:04 -06:00
uri_signing_test.go Replace CertURI.Authorize() calls. 2021-03-15 18:06:04 -06:00
uri_test.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
x509_patch.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00
x509_patch_test.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00