Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is really about fixing the validation of URI SANs that was broken since certmgr switched to using the cfssl transport (I think...)
This prevents constant reissuance when the SANs contain URIs.
However, in order to even support URIs properly like the old certmgr 1.x, the cfssl dependency needs to be bumped. To make my life easier, this PR contains a cursed direct patch of the vendored cfssl -- specifically cloudflare/cfssl#1157
This should obviously be removed if ever the ancient cfssl is updated or unvendored.
Until then, the TMP commit makes this PR apply cleanly as a patch on top of v3.0.3