From 05d290e5beca81164431b0c7b7f92609eeb5ba12 Mon Sep 17 00:00:00 2001
From: "Dr. Stefan Schimanski"
Date: Fri, 28 Oct 2016 09:20:57 +0200
Subject: [PATCH 1/2] Restore old apiserver cert CN

---
 pkg/genericapiserver/serve.go | 7 +++++--
 pkg/util/cert/cert.go | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/pkg/genericapiserver/serve.go b/pkg/genericapiserver/serve.go
index ec120b72bd3..bcdf1921288 100644
--- a/pkg/genericapiserver/serve.go
+++ b/pkg/genericapiserver/serve.go
@@ -22,11 +22,13 @@ import (
 "fmt"
 "net"
 "net/http"
+ "strings"
 "sync"
 "time"

 certutil "k8s.io/kubernetes/pkg/util/cert"
 utilruntime "k8s.io/kubernetes/pkg/util/runtime"
+ "k8s.io/kubernetes/pkg/util/validation"

 "github.com/golang/glog"
 "github.com/pkg/errors"
@@ -220,8 +222,9 @@ func getNamedCertificateMap(namedCertKeys []NamedCertKey) (map[string]*tls.Certi
 if err != nil {
 return nil, fmt.Errorf("parse error for certificate in %q: %v", nkc.CertFile, err)
 }
- if len(x509Cert.Subject.CommonName) > 0 {
- tlsCertsByName[x509Cert.Subject.CommonName] = cert
+ cn := x509Cert.Subject.CommonName
+ if cn == "*" || len(validation.IsDNS1123Subdomain(strings.TrimPrefix(cn, "*."))) == 0 {
+ tlsCertsByName[cn] = cert
 }
 for _, san := range x509Cert.DNSNames {
 tlsCertsByName[san] = cert
diff --git a/pkg/util/cert/cert.go b/pkg/util/cert/cert.go
index ee071e9b612..fff5b38d634 100644
--- a/pkg/util/cert/cert.go
+++ b/pkg/util/cert/cert.go
@@ -138,7 +138,7 @@ func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS
 template := x509.Certificate{
 SerialNumber: big.NewInt(1),
 Subject: pkix.Name{
- CommonName: host,
+ CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()),
 },
 NotBefore: time.Now(),
 NotAfter: time.Now().Add(time.Hour * 24 * 365),

From 893d0417267d8584014dfec2204eb345e23a1823 Mon Sep 17 00:00:00 2001
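Review bot: In getNamedCertificateMap (pkg/genericapiserver/serve.go), the CN is still registered as an SNI key even when the certificate carries DNS SANs, which the following `for _, san := range x509Cert.DNSNames` loop registers as well. Clients that follow RFC 6125 ignore the CN once SANs are present, so a CN-only match may make the server select a certificate that the client then rejects; consider guarding the branch with `if len(x509Cert.DNSNames) == 0 && (cn == "*" || len(validation.IsDNS1123Subdomain(strings.TrimPrefix(cn, "*."))) == 0) {`. The condition also deserves a comment such as `// skip CNs that are not DNS names, e.g. the host@timestamp CN of generated self-signed certs`. The function body starts and ends outside this hunk, so how duplicate names across namedCertKeys are resolved is not visible here.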
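Review bot: In GenerateSelfSignedCertKey (pkg/util/cert/cert.go), the new `CommonName` value carries no comment explaining why a timestamp is appended or that the CN is now deliberately not a hostname. With `SerialNumber: big.NewInt(1)` fixed two lines above, the `host@<unix time>` subject is presumably what keeps regenerated self-signed certificates distinguishable, and hostname verification then depends on `host` being placed in the SANs, which happens outside this hunk if at all. I would add `// CN is host@<unix time>, not a DNS name: it keeps each generated cert's subject unique; host matching relies on the SANs.` and read the clock once with `now := time.Now()`, so the CN timestamp, `NotBefore` and `NotAfter` derive from the same instant. The function body starts and ends outside the hunk.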
From: "Dr. Stefan Schimanski"
Date: Wed, 2 Nov 2016 17:42:22 +0100
Subject: [PATCH 2/2] Update bazel

---
 pkg/genericapiserver/BUILD | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/genericapiserver/BUILD b/pkg/genericapiserver/BUILD
index 985ab477c41..02050febe24 100644
--- a/pkg/genericapiserver/BUILD
+++ b/pkg/genericapiserver/BUILD
@@ -65,6 +65,7 @@ go_library(
 "//pkg/util/net:go_default_library",
 "//pkg/util/runtime:go_default_library",
 "//pkg/util/sets:go_default_library",
+ "//pkg/util/validation:go_default_library",
 "//pkg/util/wait:go_default_library",
 "//pkg/version:go_default_library",
 "//vendor:github.com/coreos/go-systemd/daemon",