Affected by GO-2023-1804 and 2 other vulnerabilities

GO-2023-1804: Kyverno vulnerable due to usage of insecure cipher in github.com/kyverno/kyverno

GO-2023-1819: Kyverno resource with a deletionTimestamp may allow policy circumvention in github.com/kyverno/kyverno

GO-2023-2340: Attacker can cause Kyverno user to unintentionally consume insecure image in github.com/kyverno/kyverno

tls

package

v1.2.1 Latest Latest Go to latest Published: Oct 22, 2020 License: Apache-2.0 Imports: 10 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

This section is empty.

This section is empty.

func GenerateCACert() (*KeyPair, *TlsPemPair, error)

GenerateCACert creates the self-signed CA cert and private key it will be used to sign the webhook server certificate

func GenerateInClusterServiceName(props TlsCertificateProps) string

GenerateInClusterServiceName The generated service name should be the common name for TLS certificate

func IsTLSPairShouldBeUpdated(tlsPair *TlsPemPair) bool

IsTLSPairShouldBeUpdated checks if TLS pair has expited and needs to be updated

func TLSCertificateToPem(certificateDER []byte) []byte

func TLSGeneratePrivateKey() (*rsa.PrivateKey, error)

TLSGeneratePrivateKey Generates RSA private key

func TLSPrivateKeyToPem(rsaKey *rsa.PrivateKey) []byte

TLSPrivateKeyToPem Creates PEM block from private key object

type KeyPair struct {
	Cert *x509.Certificate
	Key  *rsa.PrivateKey
}

type TlsCertificateProps struct {
	Service       string
	Namespace     string
	ApiServerHost string
}

TlsCertificateProps Properties of TLS certificate which should be issued for webhook server

type TlsPemPair struct {
	Certificate []byte
	PrivateKey  []byte
}

TlsPemPair The pair of TLS certificate corresponding private key, both in PEM format

func GenerateCertPem(caCert *KeyPair, props TlsCertificateProps, fqdncn bool) (*TlsPemPair, error)

GenerateCertPem takes the results of GenerateCACert and uses it to create the PEM-encoded public certificate and private key, respectively