cert-manager/pkg/util
Ashley Davis 17ec9ea8e7
fix check for self-signed certs in EncodeX509Chain
see also https://github.com/jetstack/cert-manager/issues/4142

EncodeX509Chain checked for self-signed certs by comparing the subject
and issuer of the cert in question, which is invalid since it's
perfectly fine for those to match.

the correct behavior is to use cert.CheckSignatureFrom(cert). this bug
was exposed in 1.4 when ParseSingleCertificateChain started using
EncodeX509Chain in the critical path of several issuers; when end-users
had leaf certificates with subjects matching their issuer's subject, the
bug was triggered.

includes newly written tests for EncodeX509Chain and a test for
ParseSingleCertificateChain

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-07-21 16:45:48 +01:00
cmapichecker improved ux 2021-07-16 13:11:40 +02:00
cmd Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
coverage Log a message when test framework fails to parse cover profile flag 2021-05-05 16:40:16 +01:00
errors Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
feature Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
kube linter party: duplicate import of k8s.io/api/core/v1 (ST1019) 2021-07-06 12:51:01 +02:00
pki fix check for self-signed certs in EncodeX509Chain 2021-07-21 16:45:48 +01:00
predicate Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
profiling Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
BUILD.bazel Add kubectl 'cert-manager check api' command 2021-07-15 16:50:31 +02:00
context.go Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
useragent.go Rename the User Agent fields 2020-12-15 17:25:18 +01:00
util_test.go Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
util.go Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
version_test.go Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00
version.go Use The cert-manager Authors. 2020-12-11 19:04:13 +01:00