Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tentacles using an old thumbprint can connect until the server is restarted #3032

Closed
matt-richardson opened this issue Dec 22, 2016 · 5 comments
Closed

Tentacles using an old thumbprint can connect until the server is restarted #3032

matt-richardson opened this issue Dec 22, 2016 · 5 comments
Milestone
3.12.3

Comments

@matt-richardson
Copy link
Contributor

  1. Configure a polling tentacle
  2. Run a health check
    => it will succeed
  3. Change the certificate thumbprint on the machine edit screen to something random (but leave the Tentacle with the existing thumbprint
  4. Run a healthcheck again
    => It succeeds, but it should fail, as the certificate thumbprint doesn’t match...
@matt-richardson
Copy link
Contributor Author

Notes:

  • Removal needs to be threadsafe
  • Removal needs to disconnect any live threads

@droyad droyad added the gc label Jan 3, 2017
@droyad
Copy link
Contributor

droyad commented Apr 4, 2017

We don't see this as a problem. Authentication is done when the connection is established.

@droyad droyad closed this as completed Apr 4, 2017
@droyad droyad added the closed/wontfix This issue was closed because we have decided not to make the suggested changes label Apr 4, 2017
@droyad droyad changed the title Editing the thumbprint of a Tentacle via the Octopus portal does not disconnect the Tentacle Tentacles using an old thumbprint can connect until the server is restarted Apr 4, 2017
@droyad
Copy link
Contributor

droyad commented Apr 4, 2017

  1. Configure a polling tentacle
  2. Run a health check
  3. Edit the thumbprint in the Web UI
  4. Restart the tentacle
  5. Expect it to not allow reconnection, however it does.

Existing connections should not be dropped though

@droyad droyad reopened this Apr 4, 2017
@droyad droyad removed gc closed/wontfix This issue was closed because we have decided not to make the suggested changes labels Apr 4, 2017
@droyad droyad added this to the 3.12.3 milestone Apr 18, 2017
@droyad droyad closed this as completed Apr 18, 2017
@droyad
Copy link
Contributor

droyad commented Apr 18, 2017

Release Note: Polling connections are no longer accepted if the trusted thumbprint has been edited but the server has not been restarted

@lock
Copy link

lock bot commented Nov 24, 2018

This thread has been automatically locked since there has not been any recent activity after it was closed. If you think you've found a related issue, please contact our support team so we can triage your issue, and make sure it's handled appropriately.

@lock lock bot locked as resolved and limited conversation to collaborators Nov 24, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.12.3
Development

No branches or pull requests
3 participants
@PaulStovell @matt-richardson @droyad