
Commit e2f8f88

committed
squashing changes
1 parent d9aaa75 commit e2f8f88


3 files changed

+28
-22
lines changed


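--- a/authority/authority.go
+++ b/authority/authority.go
@@ -711,8 +711,9 @@ func (a *Authority) init() error {
 case a.requiresSCEP() && a.GetSCEP() == nil:
 if a.scepOptions == nil {
 options := &scep.Options{
-Roots: a.rootX509Certs,
-Intermediates: a.intermediateX509Certs,
+Roots: a.rootX509Certs,
+Intermediates: a.intermediateX509Certs,
+SkipValidation: a.config.SkipSCEPValidation,
 }
 
 // intermediate certificates can be empty in RA mode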
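Review bot: `SkipValidation: a.config.SkipSCEPValidation` is assigned only inside the `if a.scepOptions == nil` branch, so the config flag has no effect when `a.scepOptions` was supplied by the caller. That asymmetry presumably leaves validation on for caller-supplied options, which is the safe direction, but it should be stated next to the assignment, e.g. `// SkipSCEPValidation applies only to options built here; caller-supplied scepOptions carry their own SkipValidation`. The rest of `init` is outside the hunk, so how the other branch treats the flag cannot be confirmed from these lines.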

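--- a/authority/config/config.go
+++ b/authority/config/config.go
@@ -65,26 +65,27 @@ var (
 
 // Config represents the CA configuration and it's mapped to a JSON object.
 type Config struct {
-Root multiString `json:"root"`
-FederatedRoots []string `json:"federatedRoots"`
-IntermediateCert string `json:"crt"`
-IntermediateKey string `json:"key"`
-Address string `json:"address"`
-InsecureAddress string `json:"insecureAddress"`
-DNSNames []string `json:"dnsNames"`
-KMS *kms.Options `json:"kms,omitempty"`
-SSH *SSHConfig `json:"ssh,omitempty"`
-Logger json.RawMessage `json:"logger,omitempty"`
-DB *db.Config `json:"db,omitempty"`
-Monitoring json.RawMessage `json:"monitoring,omitempty"`
-AuthorityConfig *AuthConfig `json:"authority,omitempty"`
-TLS *TLSOptions `json:"tls,omitempty"`
-Password string `json:"password,omitempty"`
-Templates *templates.Templates `json:"templates,omitempty"`
-CommonName string `json:"commonName,omitempty"`
-CRL *CRLConfig `json:"crl,omitempty"`
-MetricsAddress string `json:"metricsAddress,omitempty"`
-SkipValidation bool `json:"-"`
+Root multiString `json:"root"`
+FederatedRoots []string `json:"federatedRoots"`
+IntermediateCert string `json:"crt"`
+IntermediateKey string `json:"key"`
+Address string `json:"address"`
+InsecureAddress string `json:"insecureAddress"`
+DNSNames []string `json:"dnsNames"`
+KMS *kms.Options `json:"kms,omitempty"`
+SSH *SSHConfig `json:"ssh,omitempty"`
+Logger json.RawMessage `json:"logger,omitempty"`
+DB *db.Config `json:"db,omitempty"`
+Monitoring json.RawMessage `json:"monitoring,omitempty"`
+AuthorityConfig *AuthConfig `json:"authority,omitempty"`
+TLS *TLSOptions `json:"tls,omitempty"`
+Password string `json:"password,omitempty"`
+Templates *templates.Templates `json:"templates,omitempty"`
+CommonName string `json:"commonName,omitempty"`
+CRL *CRLConfig `json:"crl,omitempty"`
+MetricsAddress string `json:"metricsAddress,omitempty"`
+SkipValidation bool `json:"-"`
+SkipSCEPValidation bool `json:"-"`
 
 // Keeps record of the filename the Config is read from
 loadedFromFilepath string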
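Review bot: The new `SkipSCEPValidation` field has no doc comment and sits directly under the similarly named `SkipValidation`, so a reader cannot tell what each one disables. Its `json:"-"` tag means it can only be set from code, never from the CA's JSON configuration; that is a sensible restriction for a switch that turns off SCEP certificate checks and deserves to be written down. Suggested comment: `// SkipSCEPValidation disables validation of the SCEP options during authority initialization; it is never read from the JSON config and must be set in code.` The `Config` struct continues outside the hunk.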

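--- a/scep/options.go
+++ b/scep/options.go
@@ -26,6 +26,8 @@ type Options struct {
 // are used to be able to load the provisioners when the SCEP authority is being
 // validated.
 SCEPProvisionerNames []string
+// SkipValidation is used to skip the validation of the SCEP options.
+SkipValidation bool
 }
 
 type comparablePublicKey interface {
@@ -35,6 +37,8 @@ type comparablePublicKey interface {
 // Validate checks the fields in Options.
 func (o *Options) Validate() error {
 switch {
+case o.SkipValidation:
+return nil
 case len(o.Intermediates) == 0:
 return errors.New("no intermediate certificate available for SCEP authority")
 case o.SignerCert == nil: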
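Review bot: In `Validate`, the new first case `case o.SkipValidation: return nil` bypasses every later check, including the empty-`Intermediates` and nil-`SignerCert` cases visible here, so code that runs after a successful `Validate` can no longer assume those fields are populated. The field comment added in the first hunk only restates the name; it should say what the caller takes on, e.g. `// SkipValidation makes Validate return nil without checking any field; callers that set it must ensure Intermediates, SignerCert and the remaining options are usable themselves.` If only some checks need relaxing, a narrower condition would keep the nil guards in place. The switch in `Validate` continues outside the hunk.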
