Remove now-spurious ttl check and logic from sign-verbatim.
This endpoint eventually goes through generateCreationBundle where we
already have the right checks.

Also add expiration to returned value to match output when using root
generation.

Fixes #5549
jefferai committed Oct 19, 2018
1 parent c38b0e0 commit 7b890bc
Showing 1 changed file with 1 addition and 6 deletions.
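--- a/builtin/logical/pki/path_issue_sign.go
+++ b/builtin/logical/pki/path_issue_sign.go
@@ -154,8 +154,6 @@ func (b *backend) pathSignVerbatim(ctx context.Context, req *logical.Request, da
 }
 
 entry := &roleEntry{
-TTL: b.System().DefaultLeaseTTL(),
-MaxTTL: b.System().MaxLeaseTTL(),
 AllowLocalhost: true,
 AllowAnyName: true,
 AllowIPSANs: true,
@@ -186,10 +184,6 @@ func (b *backend) pathSignVerbatim(ctx context.Context, req *logical.Request, da
 entry.NoStore = role.NoStore
 }
 
-if entry.MaxTTL > 0 && entry.TTL > entry.MaxTTL {
-return logical.ErrorResponse(fmt.Sprintf("requested ttl of %s is greater than max ttl of %s", entry.TTL, entry.MaxTTL)), nil
-}
-
 return b.pathIssueSignCert(ctx, req, data, entry, true, true)
 }
 
@@ -244,6 +238,7 @@ func (b *backend) pathIssueSignCert(ctx context.Context, req *logical.Request, d
 }
 
 respData := map[string]interface{}{
+"expiration": int64(parsedBundle.Certificate.NotAfter.Unix()),
 "serial_number": cb.SerialNumber,
 }
 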
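Review bot: With `TTL` and `MaxTTL` no longer set on the ad hoc `roleEntry` and the `entry.TTL > entry.MaxTTL` guard removed from pathSignVerbatim, the only bound on certificate lifetime for this endpoint is whatever generateCreationBundle enforces, and that function is not visible in this diff. Because sign-verbatim builds its entry with `AllowAnyName: true` and other permissive settings, I would add a regression test that requests a `ttl` above the mount's max lease TTL and asserts that the returned `expiration` stays within it, or that the request is rejected, whichever the downstream check is meant to do. A comment where the fields were removed would also help, assuming the commit message describes the downstream behaviour accurately: `// TTL/MaxTTL intentionally unset; generateCreationBundle applies the mount defaults and limits`. As a minor style point in the last hunk, `time.Time.Unix()` already returns `int64`, so the `int64(...)` conversion is redundant. Both function bodies start and end outside the hunks shown.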
