Issue 6349 - RFE - extract keys once (#6363) (#6394) #6413

Merged
merged 1 commit into from
Nov 29, 2024

@Firstyear Firstyear commented Nov 21, 2024

Bug Description: Keys/Certs are extracted to PEM
repeatedly causing many warnings during outbound TLS authenticated replication

Fix Description: After more testing, if the connection is dropped and restarted, the certpath is retrieved but re-extraction does not occur. This still triggers the warning however. To resolve this, we only warn about the tpm namespace during library initialisation.

I really hope I got it right this time :(

fixes: #6340

Author: William Brown william@blackhats.net.au

Review by: ???

@Firstyear
Contributor Author

I've been testing with replicas all afternoon killing and starting them to check this and it seems happier. So sorry this has been such a pain :(

@Firstyear Firstyear requested a review from tbordaz November 21, 2024 06:29
@vashirov
Member

Minor nitpick: your commit and PR description point to a different issue. Judging by the title it should be #6394 instead of #6349.

@progier389
Contributor

> Minor nitpick: your commit and PR description point to a different issue. Judging by the title it should be #6394 instead of #6349.

Shouldn't it point to an issue rather than a PR?

@vashirov
Member

> > Minor nitpick: your commit and PR description point to a different issue. Judging by the title it should be #6394 instead of #6349.
>
> Shouldn't it point to an issue rather than a PR?

Yes, it should point to an issue #6340.
BTW, please use full URL in the commit. It gets abbreviated by GitHub UI anyway, but makes life a bit easier during git log spelunking ;)

@Firstyear Firstyear force-pushed the 20241121-can-this-finally-be-done branch from 9896218 to 90fb098 Compare November 22, 2024 05:12
@Firstyear
Contributor Author

Fixed up both issues. So sorry to have missed this, it was a very long day :(

@progier389 progier389 left a comment

LGTM.

@vashirov
Member

Hey @Firstyear, I'm preparing new upstream releases and would like to include this fix as well.
I noticed that 7478498 is not present in 2.0 and 2.1, while the previous fix b1b4356 is present. Could you please also backport it?

@Firstyear
Contributor Author

Yep, can do.

@Firstyear Firstyear merged commit 65773c3 into 389ds:main Nov 29, 2024
194 of 197 checks passed
Firstyear added a commit that referenced this pull request Nov 29, 2024
Bug Description: Keys/Certs are extracted to PEM
repeatedly causing many warnings during outbound TLS
authenticated replication

Fix Description: After more testing, if the connection is
dropped and restarted, the certpath is retrieved but
re-extraction does not occur. This still triggers the
warning however. To resolve this, we only warn about
the tpm namespace during library initialisation.

I really hope I got it right this time :(

fixes: #6340

Author: William Brown <william@blackhats.net.au>

Review by: @progier389 @vashirov
@Firstyear
Contributor Author

Firstyear commented Nov 29, 2024

   8330cbc6f..e56ce1187  389-ds-base-3.0 -> 389-ds-base-3.0
   979fb5db7..ff9b90991  389-ds-base-2.5 -> 389-ds-base-2.5
   1643e9868..2b040a9c1  389-ds-base-2.4 -> 389-ds-base-2.4
   bb9ca40d1..0fe972fe2  389-ds-base-2.3 -> 389-ds-base-2.3
   8afb46f71..9b5efd9fa  389-ds-base-2.2 -> 389-ds-base-2.2
   2b541c64b..b03d88e6e  389-ds-base-2.1 -> 389-ds-base-2.1
   4b34443ce..a3a738781  389-ds-base-2.0 -> 389-ds-base-2.0

@Firstyear Firstyear deleted the 20241121-can-this-finally-be-done branch November 29, 2024 03:03
Development

Successfully merging this pull request may close these issues.

excessive log warnings during certificate extraction
3 participants