2518cd1d6c
* Remove signature_bits on intermediate generate This extraneous field wasn't respected during intermediate generation and it isn't clear that it should be. Strictly, this field, if it were to exist, would control the CSR's internal signature algorithm (certutil defaults to the sane SHA-256 here). However, there's little value in changing this as the signing authority can and probably will override the final certificate's signature bits value, completely ignoring whatever was in the provided CSR. Removing this field will now cause warnings for those providing the parameter (which already wasn't respected), which is the desired behavior. No breakage should occur as a result of this change. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
4 lines
229 B
Plaintext
4 lines
229 B
Plaintext
```release-note:change
|
|
secret/pki: Remove unused signature_bits parameter from intermediate CSR generation; this parameter doesn't control the final certificate's signature algorithm selection as that is up to the signing CA
|
|
```
|