weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
68f5ceb3b4
cert-manager/pkg/util
History
Ashley Davis 68f5ceb3b4
Fix manually specified Certificate and CertificateRequest versions 
Basically all modern X.509 certs are version 3, but confusingly to
specify "version 3" in an encoded cert, the version number is actually
2.

For PKCS#10 CSRs, the only valid version is 1, which again
confusingly has the value "0" when encoded.

This was incorrect in many places, including one place in which the
version number on a CSR was used as a certificate's version number,
when the two are entirely unrelated.

Go ignores these values, so there's no functional changes here; still,
it's better to be accurate.

Go ignoring CSR version and specifying 0:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1958

Go ignoring Certificate version and specifying 2:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1534

PKCS#10 CSR specification in RFC 2986 section 4.1:
https://datatracker.ietf.org/doc/html/rfc2986#section-4

X.509 Cert specification in RFC 5280 section 4.1.2.1:
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.1

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-08-19 14:48:12 +01:00
..
cmapichecker improved ux 2021-07-16 13:11:40 +02:00
coverage Log a message when test framework fails to parse cover profile flag 2021-05-05 16:40:16 +01:00
errors Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
feature Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
kube linter party: duplicate import of k8s.io/api/core/v1 (ST1019) 2021-07-06 12:51:01 +02:00
pki Fix manually specified Certificate and CertificateRequest versions 2021-08-19 14:48:12 +01:00
predicate Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
profiling Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
versionchecker rerun git tags command when //:version changes 2021-08-13 22:59:38 +02:00
BUILD.bazel Merge pull request #4226 from inteon/simple_kubectl_check_version 2021-08-03 12:36:19 +01:00
useragent.go Rename the User Agent fields 2020-12-15 17:25:18 +01:00
util_test.go Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
util.go Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
version_test.go Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
version.go don't early-stop, instead return all versions 2021-07-29 15:06:31 +02:00