x509 - Code Search

staging/src/k8s.io/apiserver/pkg/server/options/serving_test.go

		return nil, nil, err
	}

	template := x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject: pkix.Name{
			CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()),
		},
		NotBefore: time.Unix(0, 0),
		NotAfter:  time.Now().Add(time.Hour * 24 * 365 * 100),

		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Thu May 09 15:52:39 UTC 2024

- 13.8K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

cmd/kubeadm/app/phases/certs/certlist.go

				// Once the upstream issue is resolved, this should be returned to only allowing
				// ServerAuth usage.
				Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
			},
		},
		configMutators: []configMutatorsFunc{
			makeAltNamesMutator(pkiutil.GetEtcdAltNames),
			setCommonNameToNodeName(),
		},
	}
}

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Wed May 01 16:01:49 UTC 2024

- 15.8K bytes

- Viewed (0)

github.com/golang/go

src/crypto/tls/boring_test.go

		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
	}
	if mode&^boringCertFIPSOK == boringCertLeaf {
		tmpl.DNSNames = []string{"example.com"}
	} else {
		tmpl.IsCA = true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}

Registered: Wed Jun 12 16:32:35 UTC 2024

- Last Modified: Wed May 22 21:45:37 UTC 2024

- 19.4K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

cmd/kubeadm/app/phases/certs/certlist_test.go

	daughterCert, _ := parseCertAndKey(filepath.Join(dir, "test-daughter"), t)

	pool := x509.NewCertPool()
	pool.AddCert(caCert)

	_, err = daughterCert.Verify(x509.VerifyOptions{
		DNSName:   "test-domain.space",
		Roots:     pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		t.Errorf("couldn't verify daughter cert: %v", err)
	}

}

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Wed May 01 16:01:49 UTC 2024

- 8.8K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

cmd/kubeadm/test/kubeconfig/util.go

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package kubeconfig

import (
	"crypto/x509"
	"encoding/pem"
	"testing"
	"time"

	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"

	certstestutil "k8s.io/kubernetes/cmd/kubeadm/app/util/certs"
)

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Wed May 01 16:01:49 UTC 2024

- 4.9K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

staging/src/k8s.io/apiserver/pkg/server/dynamiccertificates/dynamic_cafile_content.go

// defaultVerifyOptions returns VerifyOptions that use the system root certificates, current time,
// and requires certificates to be valid for client auth (x509.ExtKeyUsageClientAuth)
func defaultVerifyOptions() x509.VerifyOptions {
	return x509.VerifyOptions{
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Sat May 04 18:33:12 UTC 2024

- 8.4K bytes

- Viewed (0)

github.com/golang/go

src/internal/godebugs/table.go

	{Name: "x509negativeserial", Package: "crypto/x509", Changed: 23, Old: "1"},
	{Name: "x509seriallength", Package: "crypto/x509", Changed: 23, Old: "1"},
	{Name: "x509sha1", Package: "crypto/x509"},
	{Name: "x509usefallbackroots", Package: "crypto/x509"},
	{Name: "x509usepolicies", Package: "crypto/x509"},
	{Name: "zipinsecurepath", Package: "archive/zip"},
}

Registered: Wed Jun 12 16:32:35 UTC 2024

- Last Modified: Wed May 22 22:58:43 UTC 2024

- 3.6K bytes

- Viewed (0)

github.com/golang/go

src/crypto/x509/verify.go

	switch e.Reason {
	case NotAuthorizedToSign:
		return "x509: certificate is not authorized to sign other certificates"
	case Expired:
		return "x509: certificate has expired or is not yet valid: " + e.Detail
	case CANotAuthorizedForThisName:
		return "x509: a root or intermediate certificate is not authorized to sign for this name: " + e.Detail
	case CANotAuthorizedForExtKeyUsage:

Registered: Wed Jun 12 16:32:35 UTC 2024

- Last Modified: Wed May 22 22:58:39 UTC 2024

- 35.7K bytes

- Viewed (0)

github.com/kubernetes/kubernetes

cmd/kube-apiserver/app/testing/testserver.go

		certTmpl := x509.Certificate{
			Subject: pkix.Name{
				CommonName: "misty",
			},
			SerialNumber: serial,
			NotBefore:    proxySigningCert.NotBefore,
			NotAfter:     tenThousandHoursLater,
			KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
			ExtKeyUsage: []x509.ExtKeyUsage{
				x509.ExtKeyUsageClientAuth,
			},
			BasicConstraintsValid: true,

Registered: Sat Jun 15 01:39:40 UTC 2024

- Last Modified: Mon Apr 29 18:59:21 UTC 2024

- 17.6K bytes

- Viewed (0)

github.com/istio/istio

pilot/pkg/trustbundle/trustbundle.go

	endpoints          []string
	endpointUpdateChan chan struct{}
	remoteCaCertPool   *x509.CertPool
	meshConfig         mesh.Watcher
}

var (
	trustBundleLog = log.RegisterScope("trustBundle", "Workload mTLS trust bundle logs")
	remoteTimeout  = 10 * time.Second
)

// NewTrustBundle returns a new trustbundle
func NewTrustBundle(remoteCaCertPool *x509.CertPool, meshConfig mesh.Watcher) *TrustBundle {
	var err error
	tb := &TrustBundle{

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Thu May 23 21:07:03 UTC 2024

- 7.8K bytes

- Viewed (0)

Search Options