vault/website/content/api-docs
Steven Clark 0637f5e316
PKI: Change sign-intermediate to truncate notAfter by default (behavior change) (#26796)
* PKI: Change sign-intermediate to truncate notAfter by default

 - The PKI sign-intermediate API allowed an end-user to request a TTL
   value that would extend beyond the signing issuer's notAfter. This would
   generate an invalid CA chain when properly validated.
 - We are now changing the default behavior to truncate the returned certificate
   to the signing issuer's notAfter.
 - End-users can get the old behavior by configuring the signing issuer's
   leaf_not_after_behavior field to permit, and calling sign-intermediate
   with the new argument enforce_leaf_not_after_behavior set to true. The
   new argument could also be used to enforce an error instead of truncating
   behavior if the signing issuer's leaf_not_after_behavior is set to err.

* Add cl

* Add cl and upgrade note

* Apply suggestions from code review

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2024-05-09 11:22:04 -04:00
..
auth Add ExternalID support to AWS Auth STS configuration (#26628) 2024-05-07 11:10:57 -04:00
secret PKI: Change sign-intermediate to truncate notAfter by default (behavior change) (#26796) 2024-05-09 11:22:04 -04:00
system Consistency using HMAC'd vs HMAC'ed (#26875) 2024-05-08 11:13:23 +00:00
index.mdx document that LISTs with no results return 404 (#25989) 2024-03-18 13:11:42 -04:00
libraries.mdx [DOCS] Update deprecation pages (#26597) 2024-04-24 09:28:49 -07:00
relatedtools.mdx convert OSS language to "community" (#22343) 2023-08-15 13:31:52 -04:00