Use go-certmanager library for unified cert management#91
Open
Replace pre-release pseudo-version with go-certmanager v0.1.1, adapting to all API changes and introducing a two-manager architecture: server.Service for the gRPC API listener and client.Service for outgoing DKG sender connections.

Key changes:
- Remove fetcher/majordomo intermediary; use WithMajordomo() directly
- Rename WithReloadTimeout -> WithLoadTimeout, TryReloadCertificate -> ReloadCertificate
- Use credentials.NewGRPCClientCredentials() for sender TLS
- Use credentials.NewServerTLSConfig() for API server TLS
- Simplify SAN handling to DNS-only (IdentitySource is now uint)
- Fix bug: sender parameters checked wrong nil variable
- Fix bug: checker logged IdentitySource via string() instead of .String()
Reorder struct fields in sender/grpc parameters to satisfy attgo_struct_field_order. Reduce cyclomatic complexity in hasField (reflect-based numeric comparison) and SetupCerts (loop over slice).
Integrate go-certmanager library and unify certificate management by using server cert manager for both grpcapi (server) and sender (client) services and supporting on-demand certificate reload on SIGHUP.
This PR also adds RFC 6125-compliant SAN support for client certificate identity extraction on Dork.