Allow multiple (intermediate) CA certs #78
Conversation
|
This looks good structurally, however I don't think we can change the call signatures of existing exported functions in order to avoid breaking users of this library. We'd probably need to modify this PR to include new functions that return |
knoppiks
force-pushed
the
multiple-ca-certs
branch
from
1bfb2bc to
9c4bda5
Compare
Signed-off-by: Jonas Wagner <[email protected]>
knoppiks
force-pushed
the
multiple-ca-certs
branch
from
9c4bda5 to
0230404
Compare
|
@brandond Please have a look. I tried my best with the naming, maybe you have better suggestions. |
brandond
left a comment
brandond
left a comment
There was a problem hiding this comment.
couple nits on error handing and naming, looks good otherwise!
knoppiks
force-pushed
the
multiple-ca-certs
branch
from
4f561ec to
e4ce4d0
Compare
Co-authored-by: Brad Davidson <[email protected]> Signed-off-by: Jonas Wagner <[email protected]
Co-authored-by: Brad Davidson <[email protected]> Signed-off-by: Jonas Wagner <[email protected]>
knoppiks
force-pushed
the
multiple-ca-certs
branch
from
e4ce4d0 to
6cc9a67
Compare
|
Any news here? I'd really like to tackle the k3s portion of this fix. |
|
Hey @knoppiks we're in code freeze at the moment for July releases, but after that we'll be looking for one more reviewer/approver for this PR. I will bring it up with the team after freeze is lifted! |
|
We can get it approved and merged here, and then hold off on updating anything in K3s until after the freeze is over. This repo is not subject to code freeze. |
5 participants
This PR tries to enable the dynamiclistener to hand out not only the first signing certificate it finds in the CA chain.
I stumbled on this discussion while searching for the exact problem in k3s, where @brandond pointed to this repository.
Maybe it would be good to add tests but being not a go expert I struggle to comprehend the tests conducted on the listener.