personal_interest_mirrors/nebula
1
0
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2026-02-15 09:14:23 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

remove the requirement for a cert-v2 certificate to have an IPv4 Network to have IPv4 UnsafeNetworks

Browse Source
This commit is contained in:
JackDoan
2026-01-20 10:18:15 -06:00
parent e5f60fa54f
commit 43bdf9066e
1 changed files with 0 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cert/cert_v2.go
View File

@@ -396,7 +396,6 @@ func (c *certificateV2) validate() error {
return NewErrInvalidCertificateProperties("non-CA certificate must contain at least 1 network") return NewErrInvalidCertificateProperties("non-CA certificate must contain at least 1 network")
} }
hasV4Networks := false
hasV6Networks := false hasV6Networks := false
for _, network := range c.details.networks { for _, network := range c.details.networks {
if !network.IsValid() || !network.Addr().IsValid() { if !network.IsValid() || !network.Addr().IsValid() {
@@ -415,7 +414,6 @@ func (c *certificateV2) validate() error {
return NewErrInvalidCertificateProperties("4in6 networks are not allowed: %s", network) return NewErrInvalidCertificateProperties("4in6 networks are not allowed: %s", network)
} }
hasV4Networks = hasV4Networks || network.Addr().Is4()
hasV6Networks = hasV6Networks || network.Addr().Is6() hasV6Networks = hasV6Networks || network.Addr().Is6()
} }
@@ -439,10 +437,6 @@ func (c *certificateV2) validate() error {
if !hasV6Networks { if !hasV6Networks {
return NewErrInvalidCertificateProperties("IPv6 unsafe networks require an IPv6 address assignment: %s", network) return NewErrInvalidCertificateProperties("IPv6 unsafe networks require an IPv6 address assignment: %s", network)
} }
} else if network.Addr().Is4() {
if !hasV4Networks {
return NewErrInvalidCertificateProperties("IPv4 unsafe networks require an IPv4 address assignment: %s", network)
}
} }
} }
} }