From 3c09a7b80c45c581cd435566b181571fc6677738 Mon Sep 17 00:00:00 2001 From: Maartje Eyskens Date: Fri, 7 Feb 2020 09:22:24 +0100 Subject: [PATCH] Document more info on CN behaviour Signed-off-by: Maartje Eyskens --- deploy/charts/cert-manager/crds/certificates.yaml | 4 ++-- deploy/manifests/00-crds.yaml | 4 ++-- pkg/apis/certmanager/v1alpha2/types_certificate.go | 1 + pkg/apis/certmanager/v1alpha3/types_certificate.go | 2 ++ pkg/internal/venafi/BUILD.bazel | 1 + 5 files changed, 8 insertions(+), 4 deletions(-) diff --git a/deploy/charts/cert-manager/crds/certificates.yaml b/deploy/charts/cert-manager/crds/certificates.yaml index 2e59bf248..cc13b391b 100644 --- a/deploy/charts/cert-manager/crds/certificates.yaml +++ b/deploy/charts/cert-manager/crds/certificates.yaml @@ -65,10 +65,10 @@ spec: - secretName properties: commonName: - description: CommonName is a common name to be used on the Certificate. + description: 'CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when - any subject alt name is set. + any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4' type: string dnsNames: description: DNSNames is a list of subject alt names to be used on the diff --git a/deploy/manifests/00-crds.yaml b/deploy/manifests/00-crds.yaml index be59ce8bb..786dde46c 100644 --- a/deploy/manifests/00-crds.yaml +++ b/deploy/manifests/00-crds.yaml 
@@ -256,10 +256,10 @@ spec: - secretName properties: commonName: - description: CommonName is a common name to be used on the Certificate. + description: 'CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when - any subject alt name is set. + any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4' type: string dnsNames: description: DNSNames is a list of subject alt names to be used on the diff --git a/pkg/apis/certmanager/v1alpha2/types_certificate.go b/pkg/apis/certmanager/v1alpha2/types_certificate.go index 258e4a807..74a4b0d46 100644 --- a/pkg/apis/certmanager/v1alpha2/types_certificate.go +++ b/pkg/apis/certmanager/v1alpha2/types_certificate.go @@ -80,6 +80,7 @@ type CertificateSpec struct { // The CommonName should have a length of 64 characters or fewer to avoid // generating invalid CSRs. // This value is ignored by TLS clients when any subject alt name is set. + // This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4 // +optional CommonName string `json:"commonName,omitempty"` diff --git a/pkg/apis/certmanager/v1alpha3/types_certificate.go b/pkg/apis/certmanager/v1alpha3/types_certificate.go index 3c7b4b43e..0dec73d16 100644 --- a/pkg/apis/certmanager/v1alpha3/types_certificate.go +++ b/pkg/apis/certmanager/v1alpha3/types_certificate.go @@ -79,6 +79,8 @@ type CertificateSpec struct { // CommonName is a common name to be used on the Certificate. // The CommonName should have a length of 64 characters or fewer to avoid // generating invalid CSRs. + // This value is ignored by TLS clients when any subject alt name is set. + // This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4 // +optional CommonName string `json:"commonName,omitempty"` 
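Review bot: The added comment line `// This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4` on `CommonName` in the v1alpha2 hunk attributes the rule to X.509, but the cited section is RFC 6125's service-identity check, and that rule is narrower than the preceding "any subject alt name" sentence. The same wording is added in the v1alpha3 hunk and mirrored in the two CRD `description` strings. Section 6.4.4 tells a client not to match the CN when the certificate presents a DNS-ID, SRV-ID, URI-ID or another identifier type the client supports, so a reader could wrongly infer that CN remains a dependable place for a hostname whenever the SAN list is empty or holds only other name types. I would reword the two comment lines to something like `// TLS clients following RFC 6125 section 6.4.4 do not check CommonName when the certificate carries a DNS, SRV or URI subject alt name;` followed by `// list every hostname that must be verified in DNSNames.` The `CertificateSpec` struct begins and ends outside both Go hunks, so the `DNSNames` field name is taken from the `dnsNames` property in the CRD hunks.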
diff --git a/pkg/internal/venafi/BUILD.bazel b/pkg/internal/venafi/BUILD.bazel index 8abfae3bc..a78f76a12 100644 --- a/pkg/internal/venafi/BUILD.bazel +++ b/pkg/internal/venafi/BUILD.bazel @@ -29,6 +29,7 @@ filegroup( name = "all-srcs", srcs = [ ":package-srcs", + "//pkg/internal/venafi/api:all-srcs", "//pkg/internal/venafi/fake:all-srcs", ], tags = ["automanaged"],