trim leaf cert and key when generated #10417
Conversation
github-actions
bot
added
the
theme/connect
|
Thank you for working on this! I just had another read of #8178 to refresh my memory of the issue. My understanding matches what was said here: #8178 (comment) I believe the problem is actually the inverse of what is implemented in the PR, we should be adding a newline somewhere when one is missing, not removing newlines. The spec wants a single trailing newline after the cert, and an extra one to separate multiple certs. |
|
|
This reverts commit 98b5649
| cert := strings.TrimSuffix(buf.String(), "\n") | ||
|
|
||
| // Set the response | ||
| return buf.String(), nil | ||
| return fmt.Sprintf("%s\n", cert), nil |
There was a problem hiding this comment.
as we chatted, using HasSuffix may avoid the allocation in the common case.
| @@ -438,8 +439,10 @@ func (c *ConsulProvider) Sign(csr *x509.CertificateRequest) (string, error) { | |||
| return "", fmt.Errorf("error encoding certificate: %s", err) | |||
| } | |||
|
|
|||
| cert := strings.TrimSuffix(buf.String(), "\n") | |||
There was a problem hiding this comment.
Maybe a comment to say we don't expect a missing newline, but we are doing this because other providers had the problem and we want to be cautious.
|
This will be handled in #10411 |
this is fix #8178
When we generate a key the tls lib add a trailing end of line to each generated certificate. This PR is to remove the trailing newline from the certPEM and private key