mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-17 03:57:01 +02:00
3b14cd2061
* Allow CSRs with basic constraint extension with IsCA=false - We previously forbid any CSR with a basic constraint extension within the CSR. - It was discovered that some ACME clients (Proxmox ACME client) do send us this extension with a value of IsCA to false. - So allow the extension to be set within the ACME CSR with a value of IsCA set to false - Add a test for both the IsCA=true and IsCA=false use-cases and make sure we don't actually set the extension back within the generated certificate. * PR feedback - Move basic constraint function to sdk, increase test coverage - Error out on extra characters being returned from the asn1 unmarshalling. * make fmt |
||
|---|---|---|
| .. | ||
| certutil_test.go | ||
| helpers.go | ||
| types.go | ||