Use only name constraints in GetTLSCertificate

2022-09-23 11:04:27 -07:00 · 2022-09-23 11:04:27 -07:00 · c9e7af3722
commit c9e7af3722
parent 0bedd22850
1 changed files with 2 additions and 2 deletions
--- a/authority/tls.go
+++ b/authority/tls.go
@ -640,8 +640,8 @@ func (a *Authority) GetTLSCertificate() (*tls.Certificate, error) {
 	certTpl.EmailAddresses = cr.EmailAddresses
 	certTpl.URIs = cr.URIs

-	// Fail if name constraints or policy does not allow the server names.
-	if err := a.isAllowedToSignX509Certificate(certTpl); err != nil {
+	// Fail if name constraints do not allow the server names.
+	if err := a.constraintsEngine.ValidateCertificate(certTpl); err != nil {
 		return fatal(err)
 	}