weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Set ExtKeyUsageServerAuth in GenerateTemplateFromCertificateRequest

Browse Source 
Signed-off-by: James Munnelly <james@munnelly.eu>
This commit is contained in:
James Munnelly 2019-07-05 17:25:54 +01:00
parent a60a6d755f
commit 096fa22d07
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/util/pki/csr.go
View File

@ -243,7 +243,11 @@ func GenerateTemplateFromCertificateRequest(cr *v1alpha1.CertificateRequest) (*x
DNSNames: csr.DNSNames,
IPAddresses: csr.IPAddresses,
URIs: csr.URIs,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
// TODO: we should expose ExtKeyUsage via the API and not set x509.ExtKeyUsageClientAuth
// by default. This is a known change in behaviour between the Certificate and CertificateRequest
// controller and should be rectified before the CertificateRequest feature exits
// alpha.
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
}, nil
}