Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix support for TLS input trusted certs directories #5958

Merged
merged 1 commit into from Jul 9, 2019

Conversation

@mpfz0r
Copy link
Member

commented May 22, 2019

The Input configuration TLS Client Auth Trusted Certs used to support
either a file, or a directory of certificates.
This got broken in 3.0 with PR #4397

  • Fix this by extending loadCertificates() to also handle directories.
  • Delete the old TrustManager based version that is not used anymore.
  • Extend the KeyUtilTest and use Resources.getResource() instead,
    which does not rely on the resources to exist in the target directory.

Fixes #5939

@mpfz0r mpfz0r added this to the 3.0.3 milestone May 22, 2019

Fix support for TLS input trusted certs directories
The Input configuration TLS Client Auth Trusted Certs used to support
either a file, or a directory of certificates.
This got broken in 3.0 with PR #4397

- Fix this by extending loadCertificates() to also handle directories.
- Delete the old TrustManager based version that is not used anymore.
- Extend the KeyUtilTest and use `Resources.getResource()` instead,
  which does not rely on the resources to exist in the target directory.

Fixes #5939

@mpfz0r mpfz0r force-pushed the issue-5939 branch from 7e121a4 to f488fbe May 22, 2019

@mpfz0r mpfz0r requested a review from bernd Jul 8, 2019

@kmerz kmerz self-assigned this Jul 8, 2019

@kmerz
kmerz approved these changes Jul 9, 2019
Copy link
Member

left a comment

How I tested:

  • Created a RawTcpInput with ClientCertAuth and confiugred the trusted cert with and without directory
  • Used a valid and a not valid ClientCert

LGTM 👍

@kmerz kmerz merged commit ee071b9 into master Jul 9, 2019

4 checks passed

ci-web-linter Jenkins build graylog-pr-linter-check 3596 has succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
graylog-project/pr Jenkins build graylog-project-pr-snapshot 3945 has succeeded
Details
license/cla Contributor License Agreement is signed.
Details

@kmerz kmerz deleted the issue-5939 branch Jul 9, 2019

kmerz added a commit that referenced this pull request Jul 9, 2019
Fix support for TLS input trusted certs directories (#5958)
The Input configuration TLS Client Auth Trusted Certs used to support
either a file, or a directory of certificates.
This got broken in 3.0 with PR #4397

- Fix this by extending loadCertificates() to also handle directories.
- Delete the old TrustManager based version that is not used anymore.
- Extend the KeyUtilTest and use `Resources.getResource()` instead,
  which does not rely on the resources to exist in the target directory.

Fixes #5939
mpfz0r added a commit that referenced this pull request Jul 9, 2019
Fix support for TLS input trusted certs directories (#5958) (#6102)
The Input configuration TLS Client Auth Trusted Certs used to support
either a file, or a directory of certificates.
This got broken in 3.0 with PR #4397

- Fix this by extending loadCertificates() to also handle directories.
- Delete the old TrustManager based version that is not used anymore.
- Extend the KeyUtilTest and use `Resources.getResource()` instead,
  which does not rely on the resources to exist in the target directory.

Fixes #5939
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.