Merge pull request #126 from elgnay/issue_invalid_cert

Fix invalid client certificate issue

pkg/clientcert/certificate.go

@@ -4,7 +4,6 @@ import (
 	"crypto/x509/pkix"
 	"errors"
 	"fmt"
-	"reflect"
 	"strings"
 	"time"
 
@@ -84,14 +83,6 @@ func IsCertificateValid(certData []byte, subject *pkix.Name) (bool, error) {
 		if cert.Subject.CommonName != subject.CommonName {
 			continue
 		}
-
-		if !reflect.DeepEqual(cert.Subject.Organization, subject.Organization) {
-			continue
-		}
-
-		if !reflect.DeepEqual(cert.Subject.OrganizationalUnit, subject.OrganizationalUnit) {
-			continue
-		}
 		return true, nil
 	}
 

pkg/clientcert/certificate_test.go

@@ -138,28 +138,6 @@ func TestIsCertificateValid(t *testing.T) {
 				CommonName: "wrong-common-name",
 			},
 		},
-		{
-			name: "invalid organization",
-			testCert: testinghelpers.NewTestCertWithSubject(pkix.Name{
-				CommonName:   "test",
-				Organization: []string{"a", "b"},
-			}, 60*time.Second),
-			subject: &pkix.Name{
-				CommonName:   "test",
-				Organization: []string{"c"},
-			},
-		},
-		{
-			name: "invalid organizational unit",
-			testCert: testinghelpers.NewTestCertWithSubject(pkix.Name{
-				CommonName:         "test",
-				OrganizationalUnit: []string{"x"},
-			}, 60*time.Second),
-			subject: &pkix.Name{
-				CommonName:         "test",
-				OrganizationalUnit: []string{"y", "z"},
-			},
-		},
 		{
 			name: "valid cert",
 			testCert: testinghelpers.NewTestCertWithSubject(pkix.Name{