Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix 1.8 regression preventing email addresses being used as common name within pki certificates (#12336) #12716

Merged
merged 2 commits into from
Oct 4, 2021
Merged

Fix 1.8 regression preventing email addresses being used as common name within pki certificates (#12336) #12716

merged 2 commits into from
Oct 4, 2021

Conversation

stevendpclark
Copy link
Contributor

This PR addresses a regression introduced within 1.8 that prevents email addresses from being leveraged as common names within pki certificates. It still enforces that the email address was listed as an allowed domain within the role as well as allow_bare_domains set to true.

Added two test cases that validate the behaviour in the bug report

  • common name as an email address with a matching email address within allowed domain in the role
  • common name as an email address with a matching allowed domain name within the allowed domain in the role.

Addresses issue reported within #12336

@hashicorp-cla
Copy link

hashicorp-cla commented Oct 4, 2021
edited
Loading

CLA assistant check
All committers have signed the CLA.

@stevendpclark stevendpclark requested a review from sgmiller October 4, 2021 15:49
sgmiller
sgmiller approved these changes Oct 4, 2021
View reviewed changes
Copy link
Collaborator

@sgmiller sgmiller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me!

@vercel vercel bot temporarily deployed to Preview – vault October 4, 2021 16:48 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook October 4, 2021 16:48 Inactive
@stevendpclark stevendpclark force-pushed the stevendpclark/VAULT-12336-regression-fix-allow-emails-within-alloweddomain branch from 4ebeae1 to d032b53 Compare October 4, 2021 17:35
@vercel vercel bot temporarily deployed to Preview – vault October 4, 2021 17:35 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook October 4, 2021 17:35 Inactive
victorr
victorr approved these changes Oct 4, 2021
View reviewed changes
Copy link
Contributor

@victorr victorr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@stevendpclark stevendpclark merged commit 70012cd into main Oct 4, 2021
@stevendpclark stevendpclark deleted the stevendpclark/VAULT-12336-regression-fix-allow-emails-within-alloweddomain branch October 4, 2021 18:02
@stevendpclark stevendpclark mentioned this pull request Oct 4, 2021
Closed
@stevendpclark stevendpclark added this to the 1.8.4 milestone Oct 4, 2021
stevendpclark added a commit that referenced this pull request Oct 4, 2021
@stevendpclark
Fix 1.8 regression preventing email addresses being used as common na…
46527de 
…me within pki certificates (#12336) (#12716)

* Fix 1.8 regression preventing email addresses being used as common name within pki certs (#12336)

* Add changelog
@stevendpclark stevendpclark mentioned this pull request Oct 4, 2021
Merged
@hghaf099 hghaf099 mentioned this pull request Oct 4, 2021
Closed
stevendpclark added a commit that referenced this pull request Oct 5, 2021
@stevendpclark
Fix 1.8 regression preventing email addresses being used as common na…
0dc1cd7 
…me within pki certificates (#12336) (#12716) (#12723)

* Fix 1.8 regression preventing email addresses being used as common name within pki certs (#12336)

* Add changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sgmiller sgmiller sgmiller approved these changes

@cipherboy cipherboy cipherboy approved these changes

@victorr victorr victorr approved these changes

Assignees
No one assigned
Labels
backport
Projects
None yet
Milestone
1.8.4
Development

Successfully merging this pull request may close these issues.
5 participants
@stevendpclark @hashicorp-cla @victorr @cipherboy @sgmiller