Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use only name constraints in GetTLSCertificate

Browse Source
pull/1061/head
Mariano Cano 2 years ago
parent 0bedd22850
commit c9e7af3722
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File

4
authority/tls.go
Unescape Escape View File

@ -640,8 +640,8 @@ func (a *Authority) GetTLSCertificate() (*tls.Certificate, error) {
certTpl.EmailAddresses = cr.EmailAddresses
certTpl.URIs = cr.URIs
// Fail if name constraints or policy does not allow the server names.
if err := a.isAllowedToSignX509Certificate(certTpl); err != nil {
// Fail if name constraints do not allow the server names.
if err := a.constraintsEngine.ValidateCertificate(certTpl); err != nil {
return fatal(err)
}

Write Preview
Loading…
Cancel
Save