open-vault/builtin
Alexander Scheel b69055175a
Use UTC for leaf exceeding CA's notAfter (#18984)
* Use UTC for leaf exceeding CA's notAfter

When generating a leaf which exceeds the CA's validity period, Vault's
error message was confusing as the leaf would use the server's time
zone, but the CA's notAfter date would use UTC. This could cause
user confusion as the leaf's expiry might look before the latter, due
to using different time zones. E.g.:

> cannot satisfy request, as TTL would result in notAfter
> 2023-03-06T16:41:09.757694-08:00 that is beyond the expiration of
> the CA certificate at 2023-03-07T00:29:52Z

Consistently use UTC for this instead.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-03 17:00:42 +00:00
..
audit Add option 'elide_list_responses' to audit backends (#18128) 2023-01-11 16:15:52 -05:00
credential Fix race accessing b.crls within cert auth (#18945) 2023-02-01 16:23:06 -05:00
logical Use UTC for leaf exceeding CA's notAfter (#18984) 2023-02-03 17:00:42 +00:00
plugin Plugins: Update running version everywhere running sha256 is set (#17292) 2022-09-23 11:19:38 +01:00