Test certificate generator doesn't create a certificate chain #622
Conversation
christopher-henderson
force-pushed
the
620
branch
from
5367e31
to
2bea574
Compare
| @@ -334,3 +339,9 @@ var nextSerial = func() func() *big.Int { | |||
| // } | |||
| // return serial | |||
| // } | |||
|
|
|||
| type Certificate struct { | |||
There was a problem hiding this comment.
This might be entirely personal preference/the conventions I'm used to but when I was looking for where this was defined I was expecting it at the top under the imports rather than at the bottom.
Happy to concede this point if I'm the only person who cares.
There was a problem hiding this comment.
So my approach to this is based on a mix of locality and how "interesting" a definition is.
For example, if a packages structs are the main show for external consumers then I will order it as
struct A def
impl A def
...
...
...
struct B def
impl B def
...
...
...
If a type is very specific to a local use, then I feel fine keep its definition local to that use (even if its smack dab in the middle of the file)
func
func
func
struct def
func that uses the above def as a one-off
func
func
Now, to me, this struct def falls under the "just not very interesting" category. It's a way to shuttle around a parsed certificate alongside with its original key. It's more of an oddity then a feature of interest (at least to me).
|
Apart from my minor formatting request it looks good to me. |
This PR addresses #620 wherein @robplee identified that certs were incorrectly passed their own private key as the signing key, resulting in a "chain" of self signed certificates.
I also went ahead and knocked out some other issues such as the incorrectly setting
BasicConstraintsValid = falsefor signing certificates and assigned broad validity dates.