We currently use a fork of golang/crypto library - see #3220 for context.
There are two bits of functionality that our fork implements on top of an older version of upstream- support for ACME External Account Binding and support for fetching alternative certificate chains.
As support for External Account Binding is now implemented upstream so we can:
- Fork the latest golang/crypto to
cert-manager org
- Cherry-pick the support for fetching alternative certificate chains on top of that
- Adapt
cert-manager to work with this fork
- Document why we are using a fork
(There is an active CL upstream that implements supports fetching alternative certificate chains- once that gets merged, we'll be able to use upstream again).
We currently use a fork of golang/crypto library - see #3220 for context.
There are two bits of functionality that our fork implements on top of an older version of upstream- support for ACME External Account Binding and support for fetching alternative certificate chains.
As support for External Account Binding is now implemented upstream so we can:
cert-managerorgcert-managerto work with this fork(There is an active CL upstream that implements supports fetching alternative certificate chains- once that gets merged, we'll be able to use upstream again).