Skip to content

Commit

Permalink
Merge pull request #814 from munnerz/automated-cherry-pick-of-#807-#811
Browse files Browse the repository at this point in the history 
…-release-0.4

Automated cherry pick of #807 #811
  • Loading branch information
@jetstack-bot
jetstack-bot committed Aug 10, 2018
2 parents ac283ec + 478e0d8 commit 446963b
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 4 deletions.
7 changes: 7 additions & 0 deletions pkg/issuer/acme/issue.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import (

"github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
controllerpkg "github.com/jetstack/cert-manager/pkg/controller"
"github.com/jetstack/cert-manager/pkg/util"
"github.com/jetstack/cert-manager/pkg/util/errors"
"github.com/jetstack/cert-manager/pkg/util/kube"
"github.com/jetstack/cert-manager/pkg/util/pki"
Expand Down Expand Up @@ -155,6 +156,12 @@ func (a *Acme) obtainCertificate(ctx context.Context, crt *v1alpha1.Certificate)
return nil, nil, fmt.Errorf("marking certificate as failed to trigger a new order to be created due to lost private key")
}

if commonName != x509Cert.Subject.CommonName || !util.EqualUnsorted(x509Cert.DNSNames, altNames) {
crt.UpdateStatusCondition(v1alpha1.CertificateConditionReady, v1alpha1.ConditionFalse, errorIssueError, "Creating new order due to change in common name", false)
crt.Status.ACMEStatus().Order.URL = ""
return nil, nil, fmt.Errorf("marking certificate as failed to trigger a new order to be created due to change in common name")
}

// encode the retrieved certificate
certBuffer := bytes.NewBuffer([]byte{})
for _, cert := range certSlice {
Expand Down
12 changes: 8 additions & 4 deletions pkg/util/pki/csr.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,10 +123,14 @@ func SignCertificate(template *x509.Certificate, issuerCert *x509.Certificate, p
return nil, nil, fmt.Errorf("error encoding certificate PEM: %s", err.Error())
}

// bundle the CA
err = pem.Encode(pemBytes, &pem.Block{Type: "CERTIFICATE", Bytes: issuerCert.Raw})
if err != nil {
return nil, nil, fmt.Errorf("error encoding issuer cetificate PEM: %s", err.Error())
// don't bundle the CA for selfsigned certificates
// TODO: better comparison method here? for now we can just compare pointers.
if issuerCert != template {
// bundle the CA
err = pem.Encode(pemBytes, &pem.Block{Type: "CERTIFICATE", Bytes: issuerCert.Raw})
if err != nil {
return nil, nil, fmt.Errorf("error encoding issuer cetificate PEM: %s", err.Error())
}
}

return pemBytes.Bytes(), cert, err
Expand Down

0 comments on commit 446963b

Please sign in to comment.