cert-manager

History

Ashley Davis 17ec9ea8e7 fix check for self-signed certs in EncodeX509Chain see also https://github.com/jetstack/cert-manager/issues/4142 EncodeX509Chain checked for self-signed certs by comparing the subject and issuer of the cert in question, which is invalid since it's perfectly fine for those to match. the correct behavior is to use cert.CheckSignatureFrom(cert). this bug was exposed in 1.4 when ParseSingleCertificateChain started using EncodeX509Chain in the critical path of several issuers; when end-users had leaf certificates with subjects matching their issuer's subject, the bug was triggered. includes newly written tests for EncodeX509Chain and a test for ParseSingleCertificateChain Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>		2021-07-21 16:45:48 +01:00
..
acme	Adds a bunch of comments for exported types	2021-05-19 10:19:43 +01:00
api	Add explicit WithObservedGeneration versions of the Wait and Condition functions	2021-06-29 15:48:13 +02:00
apis	Adds CertificateSigningRequest venafi annotations to experimental API	2021-07-19 15:50:23 +01:00
client	Run a codegen update	2021-01-08 15:05:32 +01:00
controller	More comments	2021-07-19 19:29:40 +01:00
ctl	static analysis fixes	2021-05-21 12:04:11 +01:00
feature	Moves CertificateSigningRequest controller to feature gate flag	2021-05-27 12:00:56 +01:00
internal	validation: leftmost align and guard statements instead of 'switch'	2021-07-06 12:51:01 +02:00
issuer	Adds comments to some func's and changes return err names to be more	2021-07-19 15:50:23 +01:00
logs	linter party: receiver name should be omitted instead of _ (ST1006)	2021-07-06 12:51:01 +02:00
metrics	run ./hack/update-bazel.sh	2021-06-15 17:48:31 +00:00
scheduler	Add a fake scheduler	2021-05-19 13:05:59 +01:00
util	fix check for self-signed certs in EncodeX509Chain	2021-07-21 16:45:48 +01:00
webhook	further static check fixes	2021-05-21 12:04:05 +01:00