open-vault/builtin/logical/pki
Alexander Scheel b69055175a
Use UTC for leaf exceeding CA's notAfter (#18984)
* Use UTC for leaf exceeding CA's notAfter

When generating a leaf which exceeds the CA's validity period, Vault's
error message was confusing as the leaf would use the server's time
zone, but the CA's notAfter date would use UTC. This could cause
user confusion as the leaf's expiry might look before the latter, due
to using different time zones. E.g.:

> cannot satisfy request, as TTL would result in notAfter
> 2023-03-06T16:41:09.757694-08:00 that is beyond the expiration of
> the CA certificate at 2023-03-07T00:29:52Z

Consistently use UTC for this instead.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-03 17:00:42 +00:00
cmd/pki
backend.go PKI Unified CRL/OCSP apis should be ent only (#18913) 2023-02-01 08:35:14 -05:00
backend_test.go Fix race in tidy status with cert counting (#18899) 2023-01-30 14:13:40 -05:00
ca_test.go
ca_util.go Vault 9406 enablement certs need userid handling in role (#18397) 2023-01-25 13:13:54 -05:00
cert_util.go Use UTC for leaf exceeding CA's notAfter (#18984) 2023-02-03 17:00:42 +00:00
cert_util_test.go
chain_test.go Add t.Helper() to various PKI test helper methods (#18881) 2023-01-27 17:29:11 +00:00
chain_util.go
config_util.go
crl_test.go Refactor an ENT test helper back to OSS to wait for updated CRLs within PKI tests (#18933) 2023-02-01 08:47:26 -05:00
crl_util.go Allow unification of revocations on other clusters (#18873) 2023-01-27 16:34:04 +00:00
fields.go Add tidy of cross-cluster revoked storage (#18860) 2023-01-26 13:30:57 -05:00
integration_test.go
key_util.go
managed_key_util.go
path_config_ca.go
path_config_cluster.go
path_config_crl.go Unified revocation migration code (#18866) 2023-01-27 15:49:20 +00:00
path_config_urls.go
path_fetch.go PKI Unified CRL/OCSP apis should be ent only (#18913) 2023-02-01 08:35:14 -05:00
path_fetch_issuers.go
path_fetch_keys.go
path_intermediate.go
path_issue_sign.go Vault 9406 enablement certs need userid handling in role (#18397) 2023-01-25 13:13:54 -05:00
path_manage_issuers.go
path_manage_keys.go
path_manage_keys_test.go
path_ocsp.go Apply URL encoding/unencoding to OCSP Get requests (#18938) 2023-02-01 11:03:43 -05:00
path_ocsp_test.go Apply URL encoding/unencoding to OCSP Get requests (#18938) 2023-02-01 11:03:43 -05:00
path_resign_crls.go
path_resign_crls_test.go Add t.Helper() to various PKI test helper methods (#18881) 2023-01-27 17:29:11 +00:00
path_revoke.go Return a detailed list response for unified-revoked API endpoint (#18862) 2023-01-26 19:12:35 +00:00
path_roles.go Vault 9406 enablement certs need userid handling in role (#18397) 2023-01-25 13:13:54 -05:00
path_roles_test.go
path_root.go
path_sign_issuers.go
path_tidy.go Fix race in tidy status with cert counting (#18899) 2023-01-30 14:13:40 -05:00
path_tidy_test.go
periodic.go Unified revocation migration code (#18866) 2023-01-27 15:49:20 +00:00
secret_certs.go
storage.go Unified revocation migration code (#18866) 2023-01-27 15:49:20 +00:00
storage_migrations.go
storage_migrations_test.go Add t.Helper() to various PKI test helper methods (#18881) 2023-01-27 17:29:11 +00:00
storage_test.go
storage_unified.go Return a detailed list response for unified-revoked API endpoint (#18862) 2023-01-26 19:12:35 +00:00
test_helpers.go Refactor an ENT test helper back to OSS to wait for updated CRLs within PKI tests (#18933) 2023-02-01 08:47:26 -05:00
util.go Unified revocation migration code (#18866) 2023-01-27 15:49:20 +00:00