Correctly check if certificate is valid when only dnsNames are specified

James Munnelly 2017-10-13 13:32:10 +01:00
parent a3fc5d9eaa
commit d7009fbfa8


@ -119,9 +119,15 @@ func (c *Controller) Sync(ctx context.Context, crt *v1alpha1.Certificate) (err e
return c.issue(ctx, i, crt)
}
expectedCN := crt.Spec.CommonName
if len(expectedCN) == 0 {
if len(crt.Spec.DNSNames) > 0 {
expectedCN = crt.Spec.DNSNames[0]
}
}
// if the certificate is valid for a list of domains other than those
// listed in the certificate spec, we should re-issue the certificate
if !util.EqualUnsorted(crt.Spec.AltNames, cert.DNSNames) {
if expectedCN != cert.Subject.CommonName || !util.EqualUnsorted(crt.Spec.DNSNames, cert.DNSNames) {
return c.issue(ctx, i, crt)
}
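Review bot: The `expectedCN` fallback and the `util.EqualUnsorted(crt.Spec.DNSNames, cert.DNSNames)` comparison are only correct if they match how the issuer fills in the certificate's subject and SANs, and that code is not visible in this hunk. If the issuer also copies `spec.commonName` into the SAN list, a spec whose CommonName is not repeated in `DNSNames` would never compare equal, and every Sync would call `c.issue` again, which can burn through CA rate limits. If it does not, the check is fine but the assumption should be stated. I would add a comment above the fallback such as `// must mirror the issuer: CN defaults to the first DNS name when spec.commonName is empty`, and ideally derive both expected values from one helper shared with the issuing path. The comparison is also an exact string match, so confirm names are normalised (for example lowercased) before they get here. Sync's body begins and continues outside the hunk.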