mirrors/nebula
1
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2026-01-20 11:32:14 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

remove the requirement for a cert-v2 certificate to have an IPv4 Network to have IPv4 UnsafeNetworks

Browse source
This commit is contained in:
JackDoan 2026-01-20 10:18:15 -06:00
parent e5f60fa54f
commit 43bdf9066e
1 changed files with 0 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

6
cert/cert_v2.go
View file

@ -396,7 +396,6 @@ func (c *certificateV2) validate() error {
return NewErrInvalidCertificateProperties("non-CA certificate must contain at least 1 network")
}
hasV4Networks := false
hasV6Networks := false
for _, network := range c.details.networks {
if !network.IsValid() || !network.Addr().IsValid() {
@ -415,7 +414,6 @@ func (c *certificateV2) validate() error {
return NewErrInvalidCertificateProperties("4in6 networks are not allowed: %s", network)
}
hasV4Networks = hasV4Networks || network.Addr().Is4()
hasV6Networks = hasV6Networks || network.Addr().Is6()
}
@ -439,10 +437,6 @@ func (c *certificateV2) validate() error {
if !hasV6Networks {
return NewErrInvalidCertificateProperties("IPv6 unsafe networks require an IPv6 address assignment: %s", network)
}
} else if network.Addr().Is4() {
if !hasV4Networks {
return NewErrInvalidCertificateProperties("IPv4 unsafe networks require an IPv4 address assignment: %s", network)
}
}
}
}