This PR is really about fixing the validation of URI SANs that was broken since certmgr switched to using the cfssl transport (I think...)
This prevents constant reissuance when the SANs contain URIs.
However, in order to even support URIs properly like the old certmgr 1.x, the cfssl dependency needs to be bumped. To make my life easier, this PR contains a cursed direct patch of the vendored cfssl -- specifically https://github.com/cloudflare/cfssl/pull/1157
This should obviously be removed if ever the ancient cfssl is updated or unvendored.
Until then, the TMP commit makes this PR apply cleanly as a patch on top of v3.0.3
This PR is really about fixing the validation of URI SANs that was broken since certmgr switched to using the cfssl transport (I think...)
This prevents constant reissuance when the SANs contain URIs.
However, in order to even support URIs properly like the old certmgr 1.x, the cfssl dependency needs to be bumped. To make my life easier, this PR contains a cursed direct patch of the vendored cfssl -- specifically https://github.com/cloudflare/cfssl/pull/1157
This should obviously be removed if ever the ancient cfssl is updated or unvendored.
Until then, the TMP commit makes this PR apply cleanly as a patch on top of v3.0.3