From 23045e1812ce402e1847cbb01bc9cd0c08192646 Mon Sep 17 00:00:00 2001 From: Mariano Cano Date: Thu, 22 Sep 2022 11:05:06 -0700 Subject: [PATCH] Clarify comments by code review --- authority/authority.go | 3 ++- authority/options.go | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/authority/authority.go b/authority/authority.go index 87600d1a..e71461e1 100644 --- a/authority/authority.go +++ b/authority/authority.go @@ -378,7 +378,8 @@ func (a *Authority) init() error { return err } // If not defined with an option, add intermediates to the the list - // of used for constraints purposes. + // of certificates used for name constraints validation at issuance + // time. if len(a.intermediateX509Certs) == 0 { a.intermediateX509Certs = append(a.intermediateX509Certs, options.CertificateChain...) } diff --git a/authority/options.go b/authority/options.go index cc2fc532..09aaac84 100644 --- a/authority/options.go +++ b/authority/options.go @@ -240,16 +240,16 @@ func WithX509FederatedCerts(certs ...*x509.Certificate) Option { } } -// WithX509RootCerts is an option that allows to define the list of intermediate -// certificates that the CA will be using. This option will replace any -// intermediate certificate defined before. +// WithX509IntermediateCerts is an option that allows to define the list of +// intermediate certificates that the CA will be using. This option will replace +// any intermediate certificate defined before. // // Note that these certificates will not be bundled with the certificates signed // by the CA, the CAS service will take care of that, although they should // match, this is not guaranteed. These certificates will be mainly used for // constraint purposes. // -// This option should only used on specific configurations, for example when +// This option should only be used on specific configurations, for example when // WithX509SignerFunc is used, as we don't know the list of intermediates on // advance. func WithX509IntermediateCerts(intermediateCerts ...*x509.Certificate) Option {