mirror of
https://github.com/hashicorp/vault.git
synced 2026-02-19 02:49:18 -05:00
7267d6ee56
Vault's new TLS devvault mode has two nits with certificate
construction:
1. The CA doesn't need to include any SANs, as these aren't checked.
Technically this means the CA could be reused as a leaf certificate
for the one specified IP SAN, which is less desirable.
2. Add hostname to SANs in addition to CNs. This is a best practice, as
(when the CN is a hostname), it is preferable to have everything in
SANs as well.
Neither of these are major changes.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
|
||
|---|---|---|
| .. | ||
| test-fixtures | ||
| config.go | ||
| config_custom_response_headers_test.go | ||
| config_oss_test.go | ||
| config_telemetry_test.go | ||
| config_test.go | ||
| config_test_helpers.go | ||
| config_test_helpers_util.go | ||
| config_util.go | ||
| listener.go | ||
| listener_tcp.go | ||
| listener_tcp_test.go | ||
| listener_test.go | ||
| server_seal_transit_acc_test.go | ||
| tls_util.go | ||