
Commit 8d1781e

committed
Add an exception for certs known not to work.
1 parent 35f54a7 commit 8d1781e


1 file changed

+7
-1
lines changed


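--- a/src/KubernetesClient/CertUtils.cs
+++ b/src/KubernetesClient/CertUtils.cs
@@ -74,7 +74,13 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
 }
 
 var cert = new X509CertificateParser().ReadCertificate(new MemoryStream(certData));
-
+// key usage is a bit string, zero-th bit is 'digitalSignature'
+// See https://www.alvestrand.no/objectid/2.5.29.15.html for more details.
+if (!cert.GetKeyUsage()[0]) {
+throw new Exception(
+"Client certificates must be marked for digital signing. " +
+"See https://github.com/kubernetes-client/csharp/issues/319");
+}
 object obj;
 using (var reader = new StreamReader(new MemoryStream(keyData)))
 {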
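Review bot: `cert.GetKeyUsage()[0]` on new line 79 indexes the result without a null check. Assuming this is BouncyCastle's `X509Certificate` (it comes from `X509CertificateParser`), `GetKeyUsage()` returns null when the certificate has no keyUsage extension, so such a certificate would fail with a NullReferenceException instead of the intended message. An absent extension places no restriction on key use, so that case is probably meant to pass: `var keyUsage = cert.GetKeyUsage();` followed by `if (keyUsage != null && !keyUsage[0]) {`. The bare `Exception` on line 80 is also hard for callers to catch selectively; a more specific type would help if no caller depends on the current one. GeneratePfx starts and ends outside the hunk.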
