Affected by GO-2023-1804 and 2 other vulnerabilities

GO-2023-1804: Kyverno vulnerable due to usage of insecure cipher in github.com/kyverno/kyverno

GO-2023-1819: Kyverno resource with a deletionTimestamp may allow policy circumvention in github.com/kyverno/kyverno

GO-2023-2340: Attacker can cause Kyverno user to unintentionally consume insecure image in github.com/kyverno/kyverno

tls

package

v1.3.2-rc3 Latest Latest Go to latest Published: Feb 9, 2021 License: Apache-2.0 Imports: 11 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

This section is empty.

This section is empty.

func CertificateToPem(certificateDER []byte) []byte

CertificateToPem ...

func GenerateCACert() (*KeyPair, *PemPair, error)

GenerateCACert creates the self-signed CA cert and private key it will be used to sign the webhook server certificate

func GenerateInClusterServiceName(props CertificateProps) string

GenerateInClusterServiceName The generated service name should be the common name for TLS certificate

func GeneratePrivateKey() (*rsa.PrivateKey, error)

GeneratePrivateKey Generates RSA private key

func IsTLSPairShouldBeUpdated(tlsPair *PemPair) bool

IsTLSPairShouldBeUpdated checks if TLS pair has expited and needs to be updated

func PrivateKeyToPem(rsaKey *rsa.PrivateKey) []byte

PrivateKeyToPem Creates PEM block from private key object

type CertificateProps struct {
	Service       string
	Namespace     string
	APIServerHost string
	ServerIP      string
}

CertificateProps Properties of TLS certificate which should be issued for webhook server

type KeyPair struct {
	Cert *x509.Certificate
	Key  *rsa.PrivateKey
}

KeyPair ...

type PemPair struct {
	Certificate []byte
	PrivateKey  []byte
}

PemPair The pair of TLS certificate corresponding private key, both in PEM format

func GenerateCertPem(caCert *KeyPair, props CertificateProps, serverIP string) (*PemPair, error)

GenerateCertPem takes the results of GenerateCACert and uses it to create the PEM-encoded public certificate and private key, respectively