Merge pull request #134591 from liggitt/automated-cherry-pick-of-#134588-upstream-release-1.32

Automated cherry pick of #134588: go 1.25.2/1.24.8 related fixes Kubernetes-commit: 53ac0cd1ee5b4f95057b86bb18d5f949245cfc16
Remove invalid SAN certificate construction
2026-05-15 11:43:33 +00:00 · 2025-10-14 16:36:45 +00:00 · 2025-10-09 16:27:05 -04:00
3 changed files with 6 additions and 4 deletions
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 	golang.org/x/time v0.7.0
 	google.golang.org/protobuf v1.35.1
 	gopkg.in/evanphx/json-patch.v4 v4.12.0
-	k8s.io/api v0.0.0-20241206182328-b0543a351f7c
+	k8s.io/api v0.0.0-20250303132116-40f4980d02f4
 	k8s.io/apimachinery v0.0.0-20241206181855-59e9003f02d6
 	k8s.io/klog/v2 v2.130.1
 	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f
--- a/go.sum
+++ b/go.sum
@@ -150,8 +150,8 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.0.0-20241206182328-b0543a351f7c h1:UoXV3XeoOwdU6+7kUhkKW/u3q99JwsKjQUI3qur90cM=
-k8s.io/api v0.0.0-20241206182328-b0543a351f7c/go.mod h1:MTvs54H/YfTPDnBal6hTyMIJhy2TWEF5p0S9e3fytBw=
+k8s.io/api v0.0.0-20250303132116-40f4980d02f4 h1:MZNu52FwRbVUDZkq5bkK3EMhQOQyTfUZy5I9XBhFwzY=
+k8s.io/api v0.0.0-20250303132116-40f4980d02f4/go.mod h1:MTvs54H/YfTPDnBal6hTyMIJhy2TWEF5p0S9e3fytBw=
 k8s.io/apimachinery v0.0.0-20241206181855-59e9003f02d6 h1:8ccyzZdQXEqpO3sboLCV3yt9bm6VFoO/jYOGS7gCAQs=
 k8s.io/apimachinery v0.0.0-20241206181855-59e9003f02d6/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
--- a/util/cert/cert.go
+++ b/util/cert/cert.go
@@ -75,13 +75,15 @@ func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, erro
 			CommonName:   cfg.CommonName,
 			Organization: cfg.Organization,
 		},
-		DNSNames:              []string{cfg.CommonName},
 		NotBefore:             notBefore,
 		NotAfter:              now.Add(duration365d * 10).UTC(),
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
 		BasicConstraintsValid: true,
 		IsCA:                  true,
 	}
+	if len(cfg.CommonName) > 0 {
+		tmpl.DNSNames = []string{cfg.CommonName}
+	}

 	certDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &tmpl, &tmpl, key.Public(), key)
 	if err != nil {
Author	SHA1	Message	Date
Kubernetes Publisher	55b810f8ee	Merge pull request #134591 from liggitt/automated-cherry-pick-of-#134588-upstream-release-1.32 Automated cherry pick of #134588: go 1.25.2/1.24.8 related fixes Kubernetes-commit: 53ac0cd1ee5b4f95057b86bb18d5f949245cfc16	2025-10-14 16:36:45 +00:00
Jordan Liggitt	7e6bf40aa6	Remove invalid SAN certificate construction Kubernetes-commit: 4983187b9a7b97b5932508d9c42979b928218cb8	2025-10-09 16:27:05 -04:00