Mikaël Cluseau 2025-01-26 18:59:51 +01:00
parent b12ce7299f
commit 05eb2bb75f
2 changed files with 14 additions and 0 deletions


@ -148,6 +148,7 @@ func getUsableKeyCert(cluster, caName, name, profile, label string, req *csr.Cer
return return
} }
log.Print("cert verify:\n", string(kc.Cert), "\n\nagainst CA certs:\n", string(ca.Cert))
_, err = cert.Verify(x509.VerifyOptions{Roots: pool}) _, err = cert.Verify(x509.VerifyOptions{Roots: pool})
return return
}() }()
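Review bot: The `log.Print` added just before the `cert.Verify` call dumps the full leaf PEM and the whole CA bundle on every verification, including successful ones, and at the default level, which reads like leftover debugging; the only time the dump is useful is when verification fails, and on that path the error itself is not logged. Move the log after the Verify call and gate it on the result: `if err != nil { log.Printf("cert verify failed: %v\ncert:\n%s\nagainst CA certs:\n%s", err, kc.Cert, ca.Cert) }`. If `log` in this file is a leveled logger (as the other file's cfssl import suggests), emit it at debug level rather than as an unconditional print. The closure ends at `}()` here but getUsableKeyCert continues outside the hunk.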


@ -2,7 +2,9 @@ package main
import ( import (
"fmt" "fmt"
"time"
"github.com/cloudflare/cfssl/helpers"
"github.com/cloudflare/cfssl/log" "github.com/cloudflare/cfssl/log"
restful "github.com/emicklei/go-restful" restful "github.com/emicklei/go-restful"
) )
@ -55,11 +57,22 @@ func getUsableClusterCA(cluster, name string) (ca CA, err error) {
if checkErr != nil { if checkErr != nil {
log.Infof("cluster %s: CA %s: regenerating certificate: %v", cluster, name, checkErr) log.Infof("cluster %s: CA %s: regenerating certificate: %v", cluster, name, checkErr)
prevCerts, _ := helpers.ParseCertificatesPEM(ca.Cert)
err = ca.RenewCert() err = ca.RenewCert()
if err != nil { if err != nil {
err = fmt.Errorf("renew: %w", err) err = fmt.Errorf("renew: %w", err)
} }
now := time.Now()
for _, cert := range prevCerts {
if cert.NotAfter.After(now) {
continue
}
certPEM := helpers.EncodeCertificatePEM(cert)
ca.Cert = append(ca.Cert, certPEM...)
}
err = clusterCAs.Put(key, ca) err = clusterCAs.Put(key, ca)
} }
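Review bot: The filter `if cert.NotAfter.After(now) { continue }` keeps only the predecessor CA certificates that have already expired and drops the ones still inside their validity window, which is the opposite of what a rotation overlap needs — an expired CA cert in the bundle cannot verify anything, while a still-valid old CA is exactly what leaf certs issued before the renewal need until they are reissued. Unless retaining expired certs is really the intent, invert the test to `if !cert.NotAfter.After(now) { continue }`, and note that without a cap the bundle grows by the previous bundle on every regeneration. The append and the `clusterCAs.Put` below also run when `ca.RenewCert()` failed — the wrapped renew error is assigned but not returned, and `err = clusterCAs.Put(key, ca)` then overwrites it — so a failed renewal still rewrites the stored bundle; `return` right after `err = fmt.Errorf("renew: %w", err)`. The parse error from `helpers.ParseCertificatesPEM(ca.Cert)` is discarded with `_`, so a malformed stored bundle silently drops every predecessor; at least log it with the cluster and CA name. The enclosing `if checkErr != nil` block and getUsableClusterCA continue outside the hunk.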