pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-07-12 14:28:33 +02:00

History

Caleb Doxsey 9631d9ff1c cryptutil: add a function to normalize PEM files so that leaf certificates appear first (#5642 ) ## Summary Go requires that the first certificate in a bundle be the one associated with a private key: > LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain. On successful return, Certificate.Leaf will be populated. I don't think Go is unusual in this regard, but to make the code more tolerant, add a new `NormalizePEM` function which will take raw PEM data and rewrite it so that leaf certificates appear first. This will be used in zero and the enterprise console. ## Related issues - [ENG-2433](https://linear.app/pomerium/issue/ENG-2423/enterprise-console-updatekeypair-check-is-too-restrictive) ## Checklist - [x] reference any related issues - [x] updated unit tests - [x] add appropriate label (`enhancement`, `bug`, `breaking`, `dependencies`, `ci`) - [x] ready for review		2025-06-06 12:37:02 -06:00
..
tracetest	upgrade to go v1.24 (#5562 )	2025-04-02 15:53:09 -06:00
context.go	tests: use testcontainers (#5341 )	2024-10-30 13:33:30 -06:00
grpc.go	core/zero: add usage reporter (#5281 )	2024-09-12 15:45:54 -06:00
log.go	chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.18.2 (#4861 )	2023-12-27 16:16:38 -07:00
minio.go	chore(deps): bump the go group with 39 updates (#5559 )	2025-04-04 16:26:51 -07:00
postgres.go	chore(deps): bump the go group with 39 updates (#5559 )	2025-04-04 16:26:51 -07:00
testutil.go	testutil: use cmp.Diff in protobuf json assertion (#5517 )	2025-03-07 20:20:27 -05:00
tls.go	cryptutil: add a function to normalize PEM files so that leaf certificates appear first (#5642 )	2025-06-06 12:37:02 -06:00