mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-18 00:58:08 +02:00
9631d9ff1c
## Summary Go requires that the first certificate in a bundle be the one associated with a private key: > LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain. On successful return, Certificate.Leaf will be populated. I don't think Go is unusual in this regard, but to make the code more tolerant, add a new `NormalizePEM` function which will take raw PEM data and rewrite it so that leaf certificates appear first. This will be used in zero and the enterprise console. ## Related issues - [ENG-2433](https://linear.app/pomerium/issue/ENG-2423/enterprise-console-updatekeypair-check-is-too-restrictive) ## Checklist - [x] reference any related issues - [x] updated unit tests - [x] add appropriate label (`enhancement`, `bug`, `breaking`, `dependencies`, `ci`) - [x] ready for review |
||
|---|---|---|
| .. | ||
| testdata | ||
| certificates.go | ||
| certificates_index.go | ||
| certificates_index_test.go | ||
| certificates_test.go | ||
| dek.go | ||
| dek_test.go | ||
| doc.go | ||
| encrypt.go | ||
| encrypt_test.go | ||
| hash.go | ||
| hash_test.go | ||
| helpers.go | ||
| helpers_test.go | ||
| hmac.go | ||
| hmac_test.go | ||
| jose.go | ||
| jose_test.go | ||
| kek.go | ||
| kek_test.go | ||
| pem.go | ||
| pem_test.go | ||
| pseudonymize.go | ||
| sign.go | ||
| tls.go | ||
| tls_test.go | ||
| token.go | ||
| token_test.go | ||
| x509.go | ||
| x509_test.go | ||