Comments (3)
This looks like a genuine bug. In the CA.create() method we handle the root CA as a special case, setting the appropriate constraint. And this is missing when generating an intermediate CA.
from goca.
I made some attempts to fix this issue but ran into some difficulties with the current code architecture.
According to x509 package docs,
The certificate is signed by parent. If parent is equal to template then the certificate is self-signed. The parameter pub is the public key of the certificate to be generated and priv is the private key of the signer.
I was trying to add a parameter to CreateRootCert in cert.go that identifies the parent certificate. If this param is not empty, it indicates that we are creating an intermediate CA signed by a parent CA. However, the code quickly got messy as I tried to refactor the logic. The fundamental issue here is that using the x509 package, it doesn't need a CSR for the parent CA to sign the intermediate CA's certificate. It is done automatically inside the CreateCertificate function.
Does anyone have any better ideas on how to fix this issue?
from goca.
This issue was fixed as part of PR #25. Closing.
from goca.