New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bugfix: include all CA certificates in encoded pkcs12/jks stores #6806
Conversation
Signed-off-by: Bill Waldrep <bwaldrep@palantir.com>
Hi @bwaldrep. Thanks for your PR. I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Signed-off-by: Bill Waldrep <bwaldrep@palantir.com>
Thanks @bwaldrep! |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: inteon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/cherrypick release-1.14 |
@inteon: once the present PR merges, I will cherry-pick it on top of release-1.14 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherrypick release-1.13 |
@inteon: once the present PR merges, I will cherry-pick it on top of release-1.13 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherrypick release-1.12 |
@inteon: once the present PR merges, I will cherry-pick it on top of release-1.12 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@inteon: new pull request created: #6812 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@inteon: #6806 failed to apply on top of branch "release-1.13":
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@inteon: #6806 failed to apply on top of branch "release-1.12":
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Pull Request Motivation
Fixes #6803. When either a JKS or PKCS12 keystore is requested, the contents of the generated truststores should match the contents of the
ca.crt
field in the rendered secret. Previously if an issuer returned multiple concatenated CAs when signing a CertificateRequest only the first CA would be included in the truststores, despite the full set appearing in theca.crt
field.Kind
/kind bug
Release Note