cert-manager/internal/controller/certificates
Thomas Müller 12483d3d54 Check JKS/PKCS12 truststores only if issuer provides the CA
The current policy check for keystores in Secrets creates a loop because
the truststore.jks or truststore.p12 will never exist when the issuer didn't
provide the CA certificate. This behaviour was introduced by #5597.

The JKS and PKCS12 truststores are only added to the Secret
if the CA is provided by the issuer. The CertificateRequest API
reference states:

> The PEM encoded x509 certificate of the signer, also known
> as the CA (Certificate Authority). This is set on a best-effort basis by
> different issuers. If not set, the CA is assumed to be unknown/not available.

This change will only check the PKCS12/JKS truststores if the CA cert from the
issuer exists in the secret.

Fixes #5755

Signed-off-by: Thomas Müller <thomas@chaschperli.ch>
2023-04-27 17:09:41 +02:00
policies Check JKS/PKCS12 truststores only if issuer provides the CA 2023-04-27 17:09:41 +02:00
apply_test.go Add roundtrip test to Certificate serializing. Add field manager to 2022-03-28 12:40:29 +01:00
apply.go Revert "Use Apply instead of Update to modify resources in tests" 2022-05-03 11:31:47 +01:00
OWNERS Remove carrot from OWNERS file match string 2022-02-11 16:18:44 +00:00
secrets_test.go remove empty subject annotations 2022-08-22 11:01:22 -04:00
secrets.go remove empty subject annotations 2022-08-22 11:01:22 -04:00