When certificate_authorities is configured for ServerConfig, we now set client auth to required
#12584
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… set client auth to `required` When a CA is explicitly set in the configuration options we now default the client authentication to required.
|
Need backport to 6.8, 7.0, 7.1 and 7.2 |
|
jenkins test this |
ph
commented
Jun 17, 2019
| @@ -99,9 +99,9 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d | |||
| - Skipping unparsable log entries from docker json reader {pull}12268[12268] | |||
| - Parse timezone in PostgreSQL logs as part of the timestamp {pull}12338[12338] | |||
| - Require client_auth by default when ssl is enabled for tcp input {pull}12333[12333] | |||
| - Require certificate authorities, certificate file, and key when SSL is enabled for the TCP input. {pull}12355[12355] | |||
There was a problem hiding this comment.
that was not correctly removed from a previous revert.
urso
approved these changes
Jun 17, 2019
|
A corresponding update in the reference configs would be great, eg: beats/filebeat/filebeat.reference.yml Lines 672 to 674 in 8707c9b |
ph
added a commit
to ph/beats
that referenced
this pull request
Jun 17, 2019
… set client auth to `required` (elastic#12584) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` When a CA is explicitly set in the configuration options we now default the client authentication to required. (cherry picked from commit 7f99982)
ph
added
v6.8.1
and removed
needs_backport
ph
added a commit
to ph/beats
that referenced
this pull request
Jun 17, 2019
… set client auth to `required` (elastic#12584) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` When a CA is explicitly set in the configuration options we now default the client authentication to required. (cherry picked from commit 7f99982)
ph
added a commit
to ph/beats
that referenced
this pull request
Jun 17, 2019
… set client auth to `required` (elastic#12584) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` When a CA is explicitly set in the configuration options we now default the client authentication to required. (cherry picked from commit 7f99982)
ph
added a commit
to ph/beats
that referenced
this pull request
Jun 17, 2019
… set client auth to `required` (elastic#12584) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` When a CA is explicitly set in the configuration options we now default the client authentication to required. (cherry picked from commit 7f99982)
ph
added a commit
to ph/beats
that referenced
this pull request
Jun 17, 2019
… set client auth to `required` (elastic#12584) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` When a CA is explicitly set in the configuration options we now default the client authentication to required. (cherry picked from commit 7f99982)
ph
added a commit
that referenced
this pull request
Jun 18, 2019
…ed for ServerConfig, we now set client auth to `required` (#12586) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` (#12584) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` When a CA is explicitly set in the configuration options we now default the client authentication to required. (cherry picked from commit 7f99982)
ph
added a commit
that referenced
this pull request
Jun 18, 2019
…ed for ServerConfig, we now set client auth to `required` (#12585) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` (#12584) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` When a CA is explicitly set in the configuration options we now default the client authentication to required. (cherry picked from commit 7f99982)
ph
added a commit
that referenced
this pull request
Jun 18, 2019
…ed for ServerConfig, we now set client auth to `required` (#12587) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` (#12584) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` When a CA is explicitly set in the configuration options we now default the client authentication to required. (cherry picked from commit 7f99982)
ph
added a commit
that referenced
this pull request
Jun 18, 2019
…ed for ServerConfig, we now set client auth to `required` (#12589) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` (#12584) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` When a CA is explicitly set in the configuration options we now default the client authentication to required. (cherry picked from commit 7f99982)
simitt
reviewed
Jun 18, 2019
| @@ -99,9 +99,9 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d | |||
| - Skipping unparsable log entries from docker json reader {pull}12268[12268] | |||
| - Parse timezone in PostgreSQL logs as part of the timestamp {pull}12338[12338] | |||
| - Require client_auth by default when ssl is enabled for tcp input {pull}12333[12333] | |||
There was a problem hiding this comment.
This line should also be removed with the fix.
There was a problem hiding this comment.
Correct, since this PR change that logic it make sense to make sure that the changelog is clear.
ph
added a commit
to ph/beats
that referenced
this pull request
Jun 18, 2019
Because of TLS changes for client_authentication in elastic#12584, we should remove the foloowing lines in the changelog to reduce any change of confusion. reported by @simitt
ph
added a commit
that referenced
this pull request
Jun 18, 2019
ph
added a commit
that referenced
this pull request
Jun 18, 2019
…ed for ServerConfig, we now set client auth to `required` (#12588) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` (#12584) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` When a CA is explicitly set in the configuration options we now default the client authentication to required. (cherry picked from commit 7f99982) * fixed changelog
urso
pushed a commit
to urso/beats
that referenced
this pull request
Jun 21, 2019
…es` is configured for ServerConfig, we now set client auth to `required` (elastic#12587)" This reverts commit 51566ec.
leweafan
pushed a commit
to leweafan/beats
that referenced
this pull request
Apr 28, 2023
…onfigured for ServerConfig, we now set client auth to `required` (elastic#12586) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` (elastic#12584) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` When a CA is explicitly set in the configuration options we now default the client authentication to required. (cherry picked from commit c3291b7)
leweafan
pushed a commit
to leweafan/beats
that referenced
this pull request
Apr 28, 2023
…onfigured for ServerConfig, we now set client auth to `required` (elastic#12588) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` (elastic#12584) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` When a CA is explicitly set in the configuration options we now default the client authentication to required. (cherry picked from commit c3291b7) * fixed changelog
leweafan
pushed a commit
to leweafan/beats
that referenced
this pull request
Apr 28, 2023
…onfigured for ServerConfig, we now set client auth to `required` (elastic#12589) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` (elastic#12584) * When `certificate_authorities` is configured for ServerConfig, we now set client auth to `required` When a CA is explicitly set in the configuration options we now default the client authentication to required. (cherry picked from commit c3291b7)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When a CA is explicitly set in the configuration options we now default
the client authentication to required.