Use go/x/crypto functionality for ACME External Account Binding #3822

@irbekrm

We currently use a fork of the golang/crypto library - see #3220 for context.

There are two bits of functionality that our fork implements on top of an older version of upstream: support for ACME External Account Binding and support for fetching alternative certificate chains.

As support for External Account Binding is now implemented upstream, we can:

  1. Fork the latest golang/crypto to cert-manager org
  2. Cherry-pick the support for fetching alternative certificate chains on top of that
  3. Adapt cert-manager to work with this fork
  4. Document why we are using a fork

(There is an active CL upstream that implements support for fetching alternative certificate chains; once that gets merged, we'll be able to use upstream again.)

Labels

  - area/acme: Indicates a PR directly modifies the ACME Issuer code
  - kind/cleanup: Categorizes issue or PR as related to cleaning up code, process, or technical debt.
  - priority/important-soon: Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
