Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Heartbeat] Record TLS Metadata for expired/invalid certs #14588

Merged
merged 3 commits into from
Nov 19, 2019

Conversation

andrewvc
Copy link
Contributor

@andrewvc andrewvc commented Nov 18, 2019

This patch fixes #13687 .

Previously heartbeat would only traverse valid x509 cert chains, with this PR it now traverses all certs provided by the server.

This also fixes the issue where no SSL metadata would be shown if validation was disabled.

This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.
@andrewvc andrewvc requested a review from ruflin November 18, 2019 17:32
@andrewvc andrewvc requested a review from a team as a code owner November 18, 2019 17:32
@andrewvc andrewvc self-assigned this Nov 18, 2019
@andrewvc andrewvc added Team:obs-ds-hosted-services Label for the Observability Hosted Services team bug Heartbeat v7.5.1 labels Nov 18, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/uptime (:uptime)

Copy link
Member

@ruflin ruflin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, did not manually test it.

To summarise the change: The main change is in tls.go:65 and gest the full list of certificates instead of "only" the verified chains.

@andrewvc
Copy link
Contributor Author

Build failures are unrelated.

@andrewvc andrewvc merged commit eff54c3 into elastic:master Nov 19, 2019
andrewvc added a commit to andrewvc/beats that referenced this pull request Nov 19, 2019
)

This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
andrewvc added a commit to andrewvc/beats that referenced this pull request Nov 19, 2019
)

This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
andrewvc added a commit that referenced this pull request Nov 20, 2019
…14620)

This patch fixes #13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
andrewvc added a commit to andrewvc/beats that referenced this pull request Nov 20, 2019
)

This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
andrewvc added a commit that referenced this pull request Nov 22, 2019
…14621)

This patch fixes #13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
andrewvc added a commit that referenced this pull request Nov 25, 2019
…14673)

This patch fixes #13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
) (elastic#14621)

This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit b69ecd2)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Heartbeat Team:obs-ds-hosted-services Label for the Observability Hosted Services team v7.5.1
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Heartbeat] For an HTTPS monitor heartbeat doesn't capture expired ssl certificate information
3 participants