Commit 04bdf274 authored by Maciej Delmanowski

Revert "Fix nameConstraints to allow subdomains."

This reverts commit f7b0885a.

The patch causes an error during second playbook run:

pki-authority: Error: failed to run verify -CAfile
issuer/subject/cert.pem -untrusted subject/cert.pem
cert.pem (Exitcode: 2)

Details: CN = example.org
error 47 at 0 depth lookup: permitted subtree violation
error hcert.pem: verification failed
parent edcc70f6
Pipeline #25414723 passed with stages
in 9 minutes and 37 seconds
......@@ -130,7 +130,7 @@ get_openssl_name_constraints_directive () {
local name_constraints
case "${config['name_constraints']}" in
true|True)
name_constraints="nameConstraints = critical, permitted;DNS:.${config_domain}"
name_constraints="nameConstraints = critical, permitted;DNS:${config_domain}"
;;
false|False)
name_constraints=""
......
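Review bot: The restored assignment in the true|True) branch, permitted;DNS:${config_domain}, carries no comment saying why the leading dot must stay out, so the dotted form could easily be reintroduced. Under RFC 5280 a DNS name constraint written as example.org is satisfied by that name and by any name built by adding labels to its left, so subdomains are already permitted. With the leading dot, the bare domain itself falls outside the permitted subtree, which is the "error 47 ... permitted subtree violation" for CN = example.org quoted in the commit message. Suggest a one-line comment above the assignment recording this, and a test that runs the verify step against an already issued certificate so the second playbook run is exercised.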