mirror of https://github.com/hashicorp/consul
connect/ca: return a better error message if the CA isn't fully initialized when signing
parent
ddc4a8d848
commit
a28ba4687d
|
@ -328,6 +328,9 @@ func (c *ConsulProvider) Sign(csr *x509.CertificateRequest) (string, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
if providerState.PrivateKey == "" {
|
||||||
|
return "", ErrNotInitialized
|
||||||
|
}
|
||||||
|
|
||||||
// Create the keyId for the cert from the signing private key.
|
// Create the keyId for the cert from the signing private key.
|
||||||
signer, err := connect.ParseSigner(providerState.PrivateKey)
|
signer, err := connect.ParseSigner(providerState.PrivateKey)
|
||||||
|
@ -623,9 +626,9 @@ func (c *ConsulProvider) generateCA(privateKey string, sn uint64) (string, error
|
||||||
serialNum := &big.Int{}
|
serialNum := &big.Int{}
|
||||||
serialNum.SetUint64(sn)
|
serialNum.SetUint64(sn)
|
||||||
template := x509.Certificate{
|
template := x509.Certificate{
|
||||||
SerialNumber: serialNum,
|
SerialNumber: serialNum,
|
||||||
Subject: pkix.Name{CommonName: name},
|
Subject: pkix.Name{CommonName: name},
|
||||||
URIs: []*url.URL{id.URI()},
|
URIs: []*url.URL{id.URI()},
|
||||||
BasicConstraintsValid: true,
|
BasicConstraintsValid: true,
|
||||||
KeyUsage: x509.KeyUsageCertSign |
|
KeyUsage: x509.KeyUsageCertSign |
|
||||||
x509.KeyUsageCRLSign |
|
x509.KeyUsageCRLSign |
|
||||||
|
|
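Review bot: The new `if providerState.PrivateKey == ""` guard in Sign has no comment saying why an empty key is treated as "not initialized", and it protects only this one signing path. A line such as `// No signing key stored yet: return ErrNotInitialized rather than a key-parsing error.` above the check would record the intent. If other ConsulProvider methods also pass providerState.PrivateKey to connect.ParseSigner (none are visible on this page), they would presumably still report the parser's error for an uninitialized CA, so the same check or a small shared helper is worth considering there. Sign's body starts before and continues past this hunk, and the generateCA hunk is cut off on this page, so neither is reviewed in full.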