Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return the signed ca in the ca_chain response field within sign-intermediate api call. #15524

Merged
merged 2 commits into from
May 20, 2022
Merged

Return the signed ca in the ca_chain response field within sign-intermediate api call. #15524

merged 2 commits into from
May 20, 2022

Conversation

stevendpclark
Copy link
Contributor

  • When signing a CA certificate we should include it along with the issuers CA chain in the response.

@stevendpclark
Return signed ca as part of ca_chain field within sign-intermediate
797bbb5 
 - When signing a CA certificate we should include it along with the signing CA's CA chain in the response.
@stevendpclark stevendpclark requested review from kitography, cipherboy and a team May 19, 2022 21:56
cipherboy
cipherboy reviewed May 20, 2022
View reviewed changes
builtin/logical/pki/path_root.go
if cb.CAChain != nil && len(cb.CAChain) > 0 {
resp.Data["ca_chain"] = cb.CAChain
}
resp.Data["ca_chain"] = caChain

case "pem_bundle":
resp.Data["certificate"] = cb.ToPEMBundle()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is what makes me think this is a good idea: this gives you leaf + chain of the cert in the certificate field. :-) Avoids the need for concat.

cipherboy
cipherboy reviewed May 20, 2022
View reviewed changes
changelog/15524.txt Outdated Show resolved Hide resolved
@stevendpclark stevendpclark force-pushed the stevendpclark/return-signed-cert-in-chain-sign-intermediate branch from 6c472b7 to f43046e Compare May 20, 2022 13:41
@stevendpclark stevendpclark merged commit c698b71 into main May 20, 2022
@stevendpclark stevendpclark deleted the stevendpclark/return-signed-cert-in-chain-sign-intermediate branch May 20, 2022 15:06
Gabrielopesantos pushed a commit to Gabrielopesantos/vault that referenced this pull request Jun 6, 2022
@stevendpclark @Gabrielopesantos
Return the signed ca in the ca_chain response field within sign-inter…
fd07c70 
…mediate api call. (hashicorp#15524)

* Return signed ca as part of ca_chain field within sign-intermediate

 - When signing a CA certificate we should include it along with the signing CA's CA chain in the response.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cipherboy cipherboy cipherboy approved these changes

@kitography kitography Awaiting requested review from kitography

Assignees
No one assigned
Labels
secret/pki
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@stevendpclark @cipherboy