Populate x509.Certificate.Policies field #7940
Conversation
Closes #7148. Signed-off-by: Eng Zer Jun <[email protected]>
ZLint requires the field to be set. Signed-off-by: Eng Zer Jun <[email protected]>
Juneezee
changed the title
There was a problem hiding this comment.
ZLint still requires the PolicyIdentifiers field to be populated so we cannot drop the PolicyIdentifiers field completely yet.
https://github.com/letsencrypt/boulder/actions/runs/12731876566/job/35486388841#step:6:22:
failed lint(s): e_sub_ca_certificate_policies_missing ()
I have submitted an issue zmap/zlint#910 to ZLint repository.
There was a problem hiding this comment.
This PR does not close #7148. In order to fully complete that ticket, it needs to also address the PolicyIdentifiers/Policies fields during issuance of Subscriber certificates, as well as anywhere else we construct an x509.Certificate. There may be other places I missed, you should search for them.
Reference: #7940 (review) Signed-off-by: Eng Zer Jun <[email protected]>
|
Populated the I performed a search in VSCode and found 8 occurrences of the word
|
Reference: #7940 (review) Signed-off-by: Eng Zer Jun <[email protected]>
Juneezee
changed the title
There was a problem hiding this comment.
Thanks for the contribution @Juneezee! Overall I think this change looks really good, I have just few suggestions to improve it a little more.
Reference: #7940 (review) Signed-off-by: Eng Zer Jun <[email protected]>
|
Just FYI, this PR is now on-hold until we're using Go 1.24 in our go.mod. No further action is required on your end. |
|
With #7971 landed, we should land this after a followup PR where go1.23.x comes out of the CI versions. |
Part of #7148.
Note
Starting from Go 1.24,
x509.Certificate.Policiesis the default field used for marshalling certificates. golang/go@918765b