rancher/kcrypt-challenger
1
0
Fork 0
mirror of https://github.com/kairos-io/kcrypt-challenger.git synced 2025-09-25 04:17:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fallback to system CAs

Browse Source 
No automated test for this case because it's complicated to get a
properly signed certificate in tests:

- the domain we use is sslip.io (not sure if letsencrypt would sign it)
- we need to use the letsencrypt production and that has quotas not
  suitable for CI

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
This commit is contained in:
Dimitris Karakasilis
2023-02-09 11:24:10 +02:00
parent 1cd4d9a7af
commit 0d3406fa7b
3 changed files with 2 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/discovery/client/client.go
View File

@@ -70,6 +70,7 @@ func (c *Client) generatePass(postEndpoint string, p *block.Partition) error {
opts := []tpm.Option{
tpm.WithCAs([]byte(c.Config.Kcrypt.Challenger.Certificate)),
tpm.AppendCustomCAToSystemCA,
tpm.WithAdditionalHeader("label", p.Label),
tpm.WithAdditionalHeader("name", p.Name),
tpm.WithAdditionalHeader("uuid", p.UUID),