forked from hswaw/hscloud
prodvider: use SANs in service certificates
This fixes compatibility with prodaccess tools built with Go 1.15, which introduced 'X.509 CommonName deprecation' [1]. [1] - https://golang.org/doc/go1.15#commonname Change-Id: I228cde3e5651a3e36f527783f2ccb4a2f6b7a8e3
This commit is contained in:
parent
44628f2b9e
commit
f0acf16564
2 changed files with 3 additions and 2 deletions
|
@ -9,7 +9,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
|
||||
cfg:: {
|
||||
namespace: "prodvider",
|
||||
image: "registry.k0.hswaw.net/q3k/prodvider:1596298570-f3312ef77ed0db94e20944efc6395750072f54d5",
|
||||
image: "registry.k0.hswaw.net/q3k/prodvider:1601735780-d6c072a90e70b467a77039daebe602c77b4a84a1",
|
||||
|
||||
apiEndpoint: error "API endpoint must be set",
|
||||
|
||||
|
|
|
@ -57,6 +57,7 @@ func (p *prodvider) makeSelfCSR() ([]byte, []byte, error) {
|
|||
OU: signerCert.Subject.OrganizationalUnit[0],
|
||||
},
|
||||
},
|
||||
Hosts: []string{flagProdviderCN},
|
||||
}
|
||||
|
||||
g := &csr.Generator{
|
||||
|
@ -68,7 +69,7 @@ func (p *prodvider) makeSelfCSR() ([]byte, []byte, error) {
|
|||
|
||||
func (p *prodvider) makeSelfCertificate(csr []byte) ([]byte, error) {
|
||||
req := signer.SignRequest{
|
||||
Hosts: []string{},
|
||||
Hosts: []string{flagProdviderCN},
|
||||
Request: string(csr),
|
||||
Profile: "server",
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue