From 8a3c43827bf73a3eae5fef0ff0cf055b2deb6b1d Mon Sep 17 00:00:00 2001
From: tangcong
Date: Thu, 22 Jul 2021 23:55:01 +0800
Subject: [PATCH 1/2] fix self-signed-cert-validity parameter cannot be specified in the config file

---
 etcd.conf.yml.sample | 3 +++
 server/embed/config.go | 6 ++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/etcd.conf.yml.sample b/etcd.conf.yml.sample
index 0d7a2c6b3..16da4f8fe 100644
--- a/etcd.conf.yml.sample
+++ b/etcd.conf.yml.sample
@@ -125,6 +125,9 @@ peer-transport-security:
 # Peer TLS using generated certificates.
 auto-tls: false
 
+# The validity period of the self-signed certificate, the unit is year.
+self-signed-cert-validity: 1
+
 # Enable debug-level logging for etcd.
 log-level: debug
 
diff --git a/server/embed/config.go b/server/embed/config.go
index fb4f9aee1..044b133e3 100644
--- a/server/embed/config.go
+++ b/server/embed/config.go
@@ -207,7 +207,7 @@ type Config struct {
 // SelfSignedCertValidity specifies the validity period of the client and peer certificates
 // that are automatically generated by etcd when you specify ClientAutoTLS and PeerAutoTLS,
 // the unit is year, and the default is 1
- SelfSignedCertValidity uint
+ SelfSignedCertValidity uint `json:"self-signed-cert-validity"`
 
 // CipherSuites is a list of supported TLS cipher suites between
 // client/server and peers. If empty, Go auto-populates the list.
@@ -596,7 +596,9 @@ func (cfg *configYAML) configFromFile(path string) error {
 copySecurityDetails(&cfg.PeerTLSInfo, &cfg.PeerSecurityJSON)
 cfg.ClientAutoTLS = cfg.ClientSecurityJSON.AutoTLS
 cfg.PeerAutoTLS = cfg.PeerSecurityJSON.AutoTLS
-
+ if cfg.SelfSignedCertValidity == 0 {
+ cfg.SelfSignedCertValidity = 1
+ }
 return cfg.Validate()
 }
 
From 8929b8ca46089be86e42f9fd85f6af67c6ede2ed Mon Sep 17 00:00:00 2001
From: tangcong
Date: Thu, 29 Jul 2021 00:29:11 +0800
Subject: [PATCH 2/2] CHANGELOG: update for 13237

---
 CHANGELOG-3.5.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
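Review bot: The doc comment above SelfSignedCertValidity in the first config.go hunk still gives only the unit and the default, although the field can now be set from the config file and a zero there is rewritten by configFromFile. I would add a line such as `// Config-file key: self-signed-cert-validity. A value of 0 read from a file is replaced by 1.` Because these are self-signed certificates, a sentence telling operators to keep the validity short would also be useful. The Config struct starts and ends outside the hunk.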
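Review bot: The default added in configFromFile (second config.go hunk) handles only zero, so any other value from the file is accepted with no upper bound, and SelfSignedCertValidity is a plain uint counted in years. A very large value yields auto-TLS certificates that effectively never expire, and if the value is later multiplied into a time.Duration (not visible here) anything above roughly 292 years would overflow. Consider a bound next to the default, e.g. `if cfg.SelfSignedCertValidity > maxValidityYears { return fmt.Errorf("self-signed-cert-validity %d is too large", cfg.SelfSignedCertValidity) }`, where maxValidityYears is a placeholder for a limit the project chooses, or put the same check in Validate(), whose body is outside the hunk. An explicit `self-signed-cert-validity: 0` is also silently turned into 1 rather than rejected, which deserves a short comment above the `if`.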
diff --git a/CHANGELOG-3.5.md b/CHANGELOG-3.5.md
index 5d01752f9..85db0c878 100644
--- a/CHANGELOG-3.5.md
+++ b/CHANGELOG-3.5.md
@@ -8,6 +8,16 @@ The minimum recommended etcd versions to run in **production** are 3.2.28+, 3.3.
+## [v3.5.1](https://github.com/etcd-io/etcd/releases/tag/v3.5.1) (TBD)
+
+See [code changes](https://github.com/etcd-io/etcd/compare/v3.5.0...v3.5.1) and [v3.5 upgrade guide](https://etcd.io/docs/latest/upgrades/upgrade_3_5/) for any breaking changes.
+
+### etcd server
+
+- Fix [self-signed-cert-validity parameter cannot be specified in the config file](https://github.com/etcd-io/etcd/pull/13237).
+
+
+
## v3.5.0 (2021-06)