Document more info on CN behaviour

Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-02-07 09:22:24 +01:00 · 2020-02-07 09:22:24 +01:00 · 3c09a7b80c
commit 3c09a7b80c
parent 7e318dbfbb
5 changed files with 8 additions and 4 deletions
--- a/deploy/charts/cert-manager/crds/certificates.yaml
+++ b/deploy/charts/cert-manager/crds/certificates.yaml
@ -65,10 +65,10 @@ spec:
          - secretName
          properties:
            commonName:
-              description: CommonName is a common name to be used on the Certificate.
+              description: 'CommonName is a common name to be used on the Certificate.
                The CommonName should have a length of 64 characters or fewer to avoid
                generating invalid CSRs. This value is ignored by TLS clients when
-                any subject alt name is set.
+                any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4'
              type: string
            dnsNames:
              description: DNSNames is a list of subject alt names to be used on the
--- a/deploy/manifests/00-crds.yaml
+++ b/deploy/manifests/00-crds.yaml
@ -256,10 +256,10 @@ spec:
          - secretName
          properties:
            commonName:
-              description: CommonName is a common name to be used on the Certificate.
+              description: 'CommonName is a common name to be used on the Certificate.
                The CommonName should have a length of 64 characters or fewer to avoid
                generating invalid CSRs. This value is ignored by TLS clients when
-                any subject alt name is set.
+                any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4'
              type: string
            dnsNames:
              description: DNSNames is a list of subject alt names to be used on the
--- a/pkg/apis/certmanager/v1alpha2/types_certificate.go
+++ b/pkg/apis/certmanager/v1alpha2/types_certificate.go
@ -80,6 +80,7 @@ type CertificateSpec struct {
 	// The CommonName should have a length of 64 characters or fewer to avoid
 	// generating invalid CSRs.
 	// This value is ignored by TLS clients when any subject alt name is set.
+	// This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4
 	// +optional
 	CommonName string `json:"commonName,omitempty"`

--- a/pkg/apis/certmanager/v1alpha3/types_certificate.go
+++ b/pkg/apis/certmanager/v1alpha3/types_certificate.go
@ -79,6 +79,8 @@ type CertificateSpec struct {
 	// CommonName is a common name to be used on the Certificate.
 	// The CommonName should have a length of 64 characters or fewer to avoid
 	// generating invalid CSRs.
+	// This value is ignored by TLS clients when any subject alt name is set.
+	// This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4
 	// +optional
 	CommonName string `json:"commonName,omitempty"`

--- a/pkg/internal/venafi/BUILD.bazel
+++ b/pkg/internal/venafi/BUILD.bazel
@ -29,6 +29,7 @@ filegroup(
    name = "all-srcs",
    srcs = [
        ":package-srcs",
+        "//pkg/internal/venafi/api:all-srcs",
        "//pkg/internal/venafi/fake:all-srcs",
    ],
    tags = ["automanaged"],