github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #99412 from enj/enj/i/ttl_backdate

Browse Source 
csr: correctly handle backdating of short lived certs
This commit is contained in:
Kubernetes Prow Robot
2021-06-23 15:00:10 -07:00
committed by GitHub
parent 53592b3222 7e891e5d6c
commit 3a07d96d25
7 changed files with 148 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/kubelet/app/server_bootstrap_test.go
View File

@@ -298,14 +298,14 @@ func (s *csrSimulator) ServeHTTP(w http.ResponseWriter, req *http.Request) {
ca := &authority.CertificateAuthority{
Certificate: s.serverCA,
PrivateKey: s.serverPrivateKey,
Backdate: s.backdate,
}
cr, err := capihelper.ParseCSR(csr.Spec.Request)
if err != nil {
t.Fatal(err)
}
der, err := ca.Sign(cr.Raw, authority.PermissiveSigningPolicy{
TTL: time.Hour,
TTL: time.Hour,
Backdate: s.backdate,
})
if err != nil {
t.Fatal(err)