Only encode EKUs if there are EKUs to be encoded

Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
Maartje Eyskens 2020-09-07 09:00:53 +02:00
parent 4abc7f16b0
commit 8d15ec6bc8


@ -217,12 +217,18 @@ func GenerateCSR(crt *v1.Certificate) (*x509.CertificateRequest, error) {
asn1ExtendedUsages = append(asn1ExtendedUsages, oid)
}
}
extendedUsage := pkix.Extension{
Id: OIDExtensionExtendedKeyUsage,
}
extendedUsage.Value, err = asn1.Marshal(asn1ExtendedUsages)
if err != nil {
return nil, fmt.Errorf("failed to asn1 encode extended usages: %w", err)
extraExtensions := []pkix.Extension{usage}
if len(ekus) > 0 {
extendedUsage := pkix.Extension{
Id: OIDExtensionExtendedKeyUsage,
}
extendedUsage.Value, err = asn1.Marshal(asn1ExtendedUsages)
if err != nil {
return nil, fmt.Errorf("failed to asn1 encode extended usages: %w", err)
}
extraExtensions = append(extraExtensions, extendedUsage)
}
return &x509.CertificateRequest{
@ -244,7 +250,7 @@ func GenerateCSR(crt *v1.Certificate) (*x509.CertificateRequest, error) {
IPAddresses: iPAddresses,
URIs: uriNames,
EmailAddresses: crt.Spec.EmailAddresses,
ExtraExtensions: []pkix.Extension{usage, extendedUsage},
ExtraExtensions: extraExtensions,
}, nil
}
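Review bot: The new guard `if len(ekus) > 0 {` tests the input list, but the value that gets marshalled is `asn1ExtendedUsages`, and the visible tail of the loop above appends an OID only inside a conditional. If every entry in `ekus` fails that lookup, the slice stays empty and an Extended Key Usage extension holding an empty SEQUENCE is still added to the CSR; RFC 5280 defines the type as `SEQUENCE SIZE (1..MAX)`, so strict CAs or parsers may reject such a request. Guarding on what is actually encoded, `if len(asn1ExtendedUsages) > 0 {`, would cover both the empty-input and the nothing-mapped case. The loop starts outside this hunk, so how unmapped usages are handled there should be confirmed, and a test that generates a CSR for a certificate with no extended usages would pin the intended behaviour.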