Add verify_subject_alt_name testing to integration tests (#725)
1 parent 2e6b853, commit e598e36
Showing 8 changed files with 140 additions and 52 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# What are the identities, certificates and keys | ||
There are 5 identities: | ||
- **CA**: Certificate Authority for **Client** and **Server**. It has the | ||
self-signed certificate *cacert.pem*. *cakey.pem* is its private key. | ||
- **Client**: It has the certificate *clientcert.pem*, signed by the **CA**. | ||
*clientkey.pem* is its private key. | ||
- **Server**: It has the certificate *servercert.pem*, which is signed by the | ||
**CA** using the config *servercert.cfg*. *serverkey.pem* is its private key. | ||
- **Upsteam CA**: Certificate Authority for **Upstream**. It has the self-signed | ||
certificate *upstreamcacert.pem*. *upstreamcakey.pem* is its private key. | ||
- **Upstream**: It has the certificate *upstreamcert.pem*, which is signed by | ||
the **Upstream CA** using the config *upstreamcert.cfg*. *upstreamkey.pem* is | ||
its private key. | ||
|
||
# How to update certificates | ||
**certs.sh** has the commands to generate all files. Running certs.sh directly | ||
will cause all files to be regenerated. So if you want to regenerate a | ||
particular file, please copy the corresponding commands from certs.sh and | ||
execute them in command line. |
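Review bot: the "How to update certificates" section asks maintainers to copy individual commands out of certs.sh by hand, which makes it easy to re-sign a certificate without its config file (*servercert.cfg* or *upstreamcert.cfg*) and so lose whatever that config adds. Suggest letting certs.sh take the name of the file to regenerate, or listing the exact command per file in this README. The identity list also never says which certificate carries the subjectAltName that the verify_subject_alt_name tests depend on; one sentence under **Server** or **Upstream** would cover that. Minor: "Upsteam CA" in the fourth bullet should read "Upstream CA".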
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
[req] | ||
distinguished_name = req_distinguished_name | ||
req_extensions = v3_req | ||
|
||
[req_distinguished_name] | ||
countryName = US | ||
countryName_default = US | ||
stateOrProvinceName = CA | ||
stateOrProvinceName_default = CA | ||
localityName = San Francisco | ||
localityName_default = San Francisco | ||
organizationalUnitName = Lyft | ||
organizationalUnitName_default = Lyft | ||
commonName = Test Server | ||
commonName_max = 64 | ||
|
||
[v3_req] | ||
basicConstraints = CA:FALSE | ||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment | ||
subjectAltName = @alt_names | ||
|
||
[alt_names] | ||
URI.1 = istio:account_a.namespace_foo.cluster.local |
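Review bot: in [req_distinguished_name], "commonName = Test Server" does not set the common name. There is no "prompt = no" under [req], so the bare field names are prompt labels and only the "_default" entries supply values; commonName has "commonName_max = 64" but no "commonName_default", so a non-interactive run produces a subject with no CN. If the intent is a fixed subject, add "prompt = no" to [req] and keep only the plain "field = value" lines, or add "commonName_default = Test Server". If the CN is left out on purpose so that the URI in [alt_names] is the only identity on the certificate, drop the commonName lines and say so in a comment. Separately, "nonRepudiation" in keyUsage looks unnecessary for a TLS test certificate.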
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,16 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIICjTCCAfYCCQCGksmf8BshZDANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMC | ||
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28x | ||
DTALBgNVBAoMBEx5ZnQxDTALBgNVBAsMBFRlc3QxEDAOBgNVBAMMB1Rlc3QgQ0Ex | ||
HDAaBgkqhkiG9w0BCQEWDXRlc3RAbHlmdC5jb20wHhcNMTYwMTA5MjAwNjA0WhcN | ||
MTgwMTA4MjAwNjA0WjCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju | ||
aWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBEx5ZnQxDTALBgNV | ||
BAsMBFRlc3QxFDASBgNVBAMMC1Rlc3QgU2VydmVyMRwwGgYJKoZIhvcNAQkBFg10 | ||
ZXN0QGx5ZnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqtS9bbVbo | ||
4ZpO1uSBCDortIibXKByL1fgl7s2uJc77+vzJnqC9uLFYygU1Z198X6jaAjc/vUk | ||
LFVXZhOU8607Zex8X+CdZBjQqsN90X2Ste1wqJ7G5SAGhptd/nOfb1IdGa6YtwPT | ||
lVitnMTfRgG4fh+3DA51UulCGTfJXCaC3wIDAQABMA0GCSqGSIb3DQEBCwUAA4GB | ||
AD/GeVdxA5uNOX1x8DSo1GrdhxEqDEWpmGms0jFoRStgO2PsWNhBoXo/3yPWmsam | ||
GovtzLF4WapdtSTdn7ku91rx0BplNGOs0uuipnEtRoC7Eo31xaay4LppWTwtVZBA | ||
LaRR1p0mlCtvqI9dz25Uhl1UlXdvq+lHLxkAFp49CLYf | ||
MIICmjCCAgOgAwIBAgIJALd7PpOmDaMoMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD | ||
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j | ||
aXNjbzENMAsGA1UECgwETHlmdDENMAsGA1UECwwEVGVzdDEQMA4GA1UEAwwHVGVz | ||
dCBDQTEcMBoGCSqGSIb3DQEJARYNdGVzdEBseWZ0LmNvbTAeFw0xNzA0MDgwNTQ3 | ||
MTBaFw0xOTA0MDgwNTQ3MTBaMEExCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEW | ||
MBQGA1UEBxMNU2FuIEZyYW5jaXNjbzENMAsGA1UECxMETHlmdDCBnzANBgkqhkiG | ||
9w0BAQEFAAOBjQAwgYkCgYEAqrUvW21W6OGaTtbkgQg6K7SIm1ygci9X4Je7NriX | ||
O+/r8yZ6gvbixWMoFNWdffF+o2gI3P71JCxVV2YTlPOtO2XsfF/gnWQY0KrDfdF9 | ||
krXtcKiexuUgBoabXf5zn29SHRmumLcD05VYrZzE30YBuH4ftwwOdVLpQhk3yVwm | ||
gt8CAwEAAaNSMFAwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwNgYDVR0RBC8wLYYr | ||
aXN0aW86YWNjb3VudF9hLm5hbWVzcGFjZV9mb28uY2x1c3Rlci5sb2NhbDANBgkq | ||
hkiG9w0BAQsFAAOBgQBGUZT++ypIOByf9jOYPmoegG1k+nybIdjSHlqWXdO+T5GZ | ||
Ew5qEfwDH9GTSyxtlFeU32PueJuSwg/7OduL7n78cqFTMS2gHkwAG6B+LQlDo2ou | ||
+qWZM3HvLTIdVF8/9ez0JpCsAYBWy5MUXy5E1wKBLTuPnhhLllepdrt+V+E2Tw== | ||
-----END CERTIFICATE----- |
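Review bot: nothing in the visible change states the validity period or the subjectAltName of the regenerated certificate, so the new PEM body can only be reviewed by decoding it. Suggest recording the expected SAN and the expiry date in the README next to the certs.sh instructions (or having certs.sh print them after generation), so a reviewer can confirm the file matches its config and a later test failure caused by an expired fixture is quick to diagnose.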