You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Removing pathlen information in accordance with RFC5280 4.2.1.9 (google#78)
* Update entity.go
According to https://tools.ietf.org/html/rfc5280 the pathlen information must be omitted if the CA boolean is false. In this case, since you never assert the CA to be true (hence default false) you must remove the pathlen information.
* remove certMaxPathLen variable
* certMaxPathLen needed to generate templateCA cert
Previously I removed the MaxPathLen and MaxPathLenZero information from Template(), however, TemplateCA() assumes this information present when calling Template() thus I've re-added the certMaxPathLen variable and moved the addition of that pathlen information from Template() to TemplateCA()
* remove pathlen from install,rotate,provision certs
The certificates that were being installed on the devices via RPCs install and provision were using signer() func in gnoi_cert.go that took the CSR from the device. signer() used FromSigningRequest() to sign certs and thus was also adding pathlen information to the certificates that would be installed on the device.
0 commit comments