mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-15 12:17:56 +00:00
Code Activity

feat: parse all root CA certs (#3808)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
This commit is contained in:
Charles-Edouard Brétéché 2022-05-05 10:31:22 +02:00 committed by GitHub
parent 5be6a4e2b0
commit 9a1a82e3b5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
pkg/tls/certRenewer.go
View file

@ -343,19 +343,11 @@ func (c *CertRenewer) ValidCert() (bool, error) {
// build cert pool // build cert pool
pool := x509.NewCertPool() pool := x509.NewCertPool()
caPem, _ := pem.Decode(rootCA) if !pool.AppendCertsFromPEM(rootCA) {
if caPem == nil {
logger.Error(err, "bad certificate") logger.Error(err, "bad certificate")
return false, nil return false, nil
} }
cac, err := x509.ParseCertificate(caPem.Bytes)
if err != nil {
logger.Error(err, "failed to parse CA cert")
return false, nil
}
pool.AddCert(cac)
// valid PEM pair // valid PEM pair
_, err = tls.X509KeyPair(tlsPair.Certificate, tlsPair.PrivateKey) _, err = tls.X509KeyPair(tlsPair.Certificate, tlsPair.PrivateKey)
if err != nil { if err != nil {