Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 7fd64f60c607878c60e8c9eff2f21139fe389d6e^! / . / osbase / pki / ca.go
commit7fd64f60c607878c60e8c9eff2f21139fe389d6e[log] [tgz]
authorTim Windelschmidt <tim@monogon.tech>Sun Jun 29 02:32:31 2025 +0200
committerTim Windelschmidt <tim@monogon.tech>Mon Jun 30 00:02:45 2025 +0000
tree41634730b730156b62f92e00d0aa2841eb700f0b
parent8fd51cd0cb06584bdfe2e7884662276d0c7bfe9b [diff] [blame]
osbase/pki: remove SKID workaround

We are way newer than Go 1.15.

Closes #476

Change-Id: I876d2974598b7daadc9c99e452f57dd6b97a02cb
Reviewed-on: https://review.monogon.dev/c/monogon/+/4351
Reviewed-by: Leopold Schabel <leo@monogon.tech>
Tested-by: Jenkins CI

diff --git a/osbase/pki/ca.go b/osbase/pki/ca.go
index ff6d639..4bc637b 100644
--- a/osbase/pki/ca.go
+++ b/osbase/pki/ca.go

@@ -15,6 +15,11 @@
 	clientv3 "go.etcd.io/etcd/client/v3"
 )
 
+var (
+	// From RFC 5280 Section 4.1.2.5
+	UnknownNotAfter = time.Unix(253402300799, 0)
+)
+
 // Issuer is an entity that can issue certificates. This interface is
 // implemented by SelfSigned, which is an issuer that emits self-signed
 // certificates, and any other Certificate that has been created with CA(),
@@ -40,16 +45,10 @@
 		return
 	}
 
-	skid, err := calculateSKID(req.PublicKey)
-	if err != nil {
-		return nil, err
-	}
-
 	req.Template.SerialNumber = serialNumber
 	req.Template.NotBefore = time.Now()
 	req.Template.NotAfter = UnknownNotAfter
 	req.Template.BasicConstraintsValid = true
-	req.Template.SubjectKeyId = skid
 
 	// Set the AuthorityKeyID to the SKID of the signing certificate (or self,
 	// if self-signing).