cert-manager/pkg/controller
Ashley Davis 68f5ceb3b4
Fix manually specified Certificate and CertificateRequest versions
Basically all modern X.509 certs are version 3, but confusingly to
specify "version 3" in an encoded cert, the version number is actually
2.

For PKCS#10 CSRs, the only valid version is 1, which again
confusingly has the value "0" when encoded.

This was incorrect in many places, including one place in which the
version number on a CSR was used as a certificate's version number,
when the two are entirely unrelated.

Go ignores these values, so there are no functional changes here; still,
it's better to be accurate.

Go ignoring CSR version and specifying 0:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1958

Go ignoring Certificate version and specifying 2:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1534

PKCS#10 CSR specification in RFC 2986 section 4.1:
https://datatracker.ietf.org/doc/html/rfc2986#section-4

X.509 Cert specification in RFC 5280 section 4.1.2.1:
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.1

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-08-19 14:48:12 +01:00
acmechallenges HTTP01 solver support for the Gateway API 2021-08-02 14:06:16 +01:00
acmeorders Revert "memory leak: clean up scheduler goroutine on cert deletion" 2021-07-28 19:19:39 +02:00
cainjector Cleanup codegen script 2021-05-17 08:11:19 -07:00
certificate-shim nil pointer: the Gateway API is full of pointers 2021-08-03 15:43:16 +02:00
certificaterequests Fix manually specified Certificate and CertificateRequest versions 2021-08-19 14:48:12 +01:00
certificates feat: update object description explaining the current behaviour 2021-08-03 09:26:23 +01:00
certificatesigningrequests Fix manually specified Certificate and CertificateRequest versions 2021-08-19 14:48:12 +01:00
clusterissuers static analysis: pkg/controller 2021-05-21 12:03:47 +01:00
issuers ./hack/update-deps.sh 2021-05-07 09:55:09 +01:00
test Update pkg/controller/test/context_builder.go 2021-07-26 18:29:56 +01:00
BUILD.bazel Don't error if owner not found in cache 2021-08-17 08:31:49 +01:00
builder.go Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
context.go HTTP01 solver support for the Gateway API 2021-08-02 14:06:16 +01:00
controller.go remove unnecessary wait.Until 2021-07-27 21:43:54 +02:00
helper.go Tidy godoc comments 2021-05-05 16:21:24 +01:00
register.go gosimple: S1019 2021-05-04 14:17:06 +01:00
util_test.go Allows for annotations passed from CSR to Order to be filtered 2021-07-27 10:55:09 +01:00
util.go Don't error if owner not found in cache 2021-08-17 08:31:49 +01:00