weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

BUGFIX: we incidentally removed the feature gate check that enables the UseCertificateRequestBasicConstraints feature

Browse Source 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
This commit is contained in:
Tim Ramlot 2023-06-14 21:31:25 +02:00
parent 2d01fbecac
commit 9000a06956
No known key found for this signature in database
GPG Key ID: 47428728E0C2878D
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/controller/certificates/requestmanager/requestmanager_controller.go
View File

@ -350,7 +350,11 @@ func (c *controller) deleteRequestsNotMatchingSpec(ctx context.Context, crt *cma
func (c *controller) createNewCertificateRequest(ctx context.Context, crt *cmapi.Certificate, pk crypto.Signer, nextRevision int, nextPrivateKeySecretName string) error {
log := logf.FromContext(ctx)
x509CSR, err := pki.GenerateCSR(crt, pki.WithUseLiteralSubject(utilfeature.DefaultMutableFeatureGate.Enabled(feature.LiteralCertificateSubject)))
x509CSR, err := pki.GenerateCSR(
crt,
pki.WithUseLiteralSubject(utilfeature.DefaultMutableFeatureGate.Enabled(feature.LiteralCertificateSubject)),
pki.WithEncodeBasicConstraintsInRequest(utilfeature.DefaultMutableFeatureGate.Enabled(feature.UseCertificateRequestBasicConstraints)),
)
if err != nil {
log.Error(err, "Failed to generate CSR - will not retry")
return nil