consul/agent/connect
Matt Keeler 677d6dac80 Remove x509 name constraints
These were only added as SPIFFE intends to use them in the future but currently does not mandate their usage due to patch support in common TLS implementations and some ambiguity over how to use them with URI SAN certificates. We included them because until now everything seemed fine with it, however we've found the latest version of `openssl` (1.1.0h) fails to validate our certificates if it's enabled. LibreSSL as installed on OS X by default doesn’t have these issues. For now it's most compatible not to have them and later we can find ways to add constraints with wider compatibility testing.
2018-06-25 12:26:10 -07:00
..
ca Remove x509 name constraints 2018-06-25 12:26:10 -07:00
csr.go connect/ca: undo the interface changes and use sign-self-issued in Vault 2018-06-25 12:25:42 -07:00
generate.go Fix logical conflicts with CA refactor 2018-06-14 09:42:17 -07:00
parsing.go connect/ca: update Consul provider to use new cross-sign CSR method 2018-06-25 12:25:41 -07:00
testing_ca.go Remove x509 name constraints 2018-06-25 12:26:10 -07:00
testing_ca_test.go connect.Service based implementation after review feedback. 2018-06-14 09:41:56 -07:00
testing_spiffe.go Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes. 2018-06-14 09:42:16 -07:00
uri.go agent/connect: Authorize for CertURI 2018-06-14 09:41:54 -07:00
uri_service.go agent/connect: Authorize for CertURI 2018-06-14 09:41:54 -07:00
uri_service_test.go agent/connect: Authorize for CertURI 2018-06-14 09:41:54 -07:00
uri_signing.go Generate CSR using real trust-domain 2018-06-14 09:42:16 -07:00
uri_signing_test.go Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes. 2018-06-14 09:42:16 -07:00
uri_test.go