github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update serial number to a valid non-zero number in ca certificate (#117791)

Browse Source 
* update serial number to a valid non-zero number in ca certificate

* fix the existing problem (0 SerialNumber in all certificate) as part of this PR in a separate commit
This commit is contained in:
Min Ni
2023-05-09 06:34:08 -07:00
committed by GitHub
parent 9e9ec8f62c
commit e865b30abd
5 changed files with 34 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
test/utils/pki_helpers.go
View File

@@ -53,10 +53,12 @@ func EncodeCertPEM(cert *x509.Certificate) []byte {
// NewSignedCert creates a signed certificate using the given CA certificate and key
func NewSignedCert(cfg *certutil.Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error) {
serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64))
// returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max).
serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1))
if err != nil {
return nil, err
}
serial = new(big.Int).Add(serial, big.NewInt(1))
if len(cfg.CommonName) == 0 {
return nil, fmt.Errorf("must specify a CommonName")
}