Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add full CA Chain to /pki/cert/ca_chain response #13935

Merged
merged 5 commits into from
Feb 7, 2022
Merged

Add full CA Chain to /pki/cert/ca_chain response #13935

merged 5 commits into from
Feb 7, 2022

Commits on Feb 7, 2022

  1. Include full chain in /cert/ca_chain response 

    This allows callers to get the full chain (including issuing
certificates) from a call to /cert/ca_chain. Previously, most endpoints
(including during issuance) do not include the root authority, requiring
an explicit call to /cert/ca to fetch. This allows full chains to be
constructed without without needing multiple calls to the API.

Resolves: #13489

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Feb 7, 2022
    Configuration menu
    Copy the full SHA
    89fba83 View commit details
    Browse the repository at this point in the history

  2. Add test case for full CA issuance 

    We test three main scenarios:

 1. A root-only CA's `/cert/ca_chain`'s `.data.ca_chain` field should
    contain only the root,
 2. An intermediate CA (with root provide) should contain both the root
    and the intermediate.
 3. An external (e.g., `/config/ca`-provided) CA with both root and
    intermediate should contain both certs.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Feb 7, 2022
    Configuration menu
    Copy the full SHA
    79abaea View commit details
    Browse the repository at this point in the history

  3. Add documentation for new ca_chain field 

    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Feb 7, 2022
    Configuration menu
    Copy the full SHA
    51eca89 View commit details
    Browse the repository at this point in the history

  4. Add changelog entry 

    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Feb 7, 2022
    Configuration menu
    Copy the full SHA
    fa29083 View commit details
    Browse the repository at this point in the history

  5. Add note about where to find the entire chain 

    Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
    @cipherboy
    cipherboy committed Feb 7, 2022
    Configuration menu
    Copy the full SHA
    2fa3d00 View commit details
    Browse the repository at this point in the history