open-vault

Commit Graph

Author	SHA1	Message	Date
Alexander Scheel	5ca7065bda	Warn on empty Subject field for issuers (#15494 ) * Warn on empty Subject field for issuers When generating a root or signing an intermediate certificate, it is possible to have Vault generate a certificate with an empty Subject. These don't validate in most TLS implementations well, so add a warning. Note that non-Common Name fields could be present to make a non-empty subject, so simply requiring a CommonName isn't strictly the best. For example: $ vault write pki/root/generate/exported common_name="" WARNING! The following warnings were returned from Vault: * This issuer certificate was generated without a Subject; this makes it likely that issuing leaf certs with this certificate will cause TLS validation libraries to reject this certificate. .... Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>	2022-05-18 10:15:37 -04:00

Author

SHA1

Message

Date

Alexander Scheel

5ca7065bda

Warn on empty Subject field for issuers (#15494 )

* Warn on empty Subject field for issuers

When generating a root or signing an intermediate certificate, it is
possible to have Vault generate a certificate with an empty Subject.
These don't validate in most TLS implementations well, so add a warning.
Note that non-Common Name fields could be present to make a non-empty
subject, so simply requiring a CommonName isn't strictly the best.

For example:

    $ vault write pki/root/generate/exported common_name=""
    WARNING! The following warnings were returned from Vault:
      * This issuer certificate was generated without a Subject; this makes
      it likely that issuing leaf certs with this certificate will cause TLS
      validation libraries to reject this certificate.
    ....

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

2022-05-18 10:15:37 -04:00

1 Commits