You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
istioctl outputs the cert serial numbers as ints. Example:
$ istioctl pc secret deploy/httpbin
RESOURCE NAME TYPE STATUS VALID CERT SERIAL NUMBER NOT AFTER NOT BEFORE
ROOTCA CA ACTIVE true 189528483449735573061036961712154224034 2033-02-28T22:52:30Z 2023-03-03T22:52:30Z
Since the actual cert shows the serial number in hex (e.g. 8e:95:db:b0:4f:26:a3:9b:33:25:2a:a8:51:32:25:a2) it would make sense to show it in a similar format in istioctl, unless there's a reason why %d (not %x) is used when writing out the value.
Version
$ istioctl version
client version: 1.18-alpha.eadc06845f1811964f06d6d7876b477c5840ffb2
control plane version: 1.18-alpha.eadc06845f1811964f06d6d7876b477c5840ffb2
data plane version: 1.18-alpha.eadc06845f1811964f06d6d7876b477c5840ffb2 (2 proxies)
❯ kubectl version
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"26", GitVersion:"v1.26.0", GitCommit:"b46a3f887ca979b1a5d14fd39cb1af43e7e5d12d", GitTreeState:"clean", BuildDate:"2022-12-08T19:51:43Z", GoVersion:"go1.19.4", Compiler:"gc", Platform:"darwin/arm64"}
Kustomize Version: v4.5.7
Server Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.3", GitCommit:"434bfd82814af038ad94d62ebe59b133fcb50506", GitTreeState:"clean", BuildDate:"2022-10-25T19:38:29Z", GoVersion:"go1.19.2", Compiler:"gc", Platform:"linux/arm64"}
Additional Information
No response
The text was updated successfully, but these errors were encountered:
I think it makes sense to revise to the hex value. However, tools like OpenSSL use both formats, and we may need to convert the format only when the number is large enough?
In my scenario I used openssl x509 -in some-cert.pem -text -noout and that one only shows the serial # in hex, so it would make it so much easier to compare if istioctl shows in hex as well.
I can prepare a quick PR that changes the bigint into hex( it's a %d to %x change, unless we want to incorporate : as well)
Yes, I think revising to hex is great. By the way, I've double-checked with short serial numbers, which will be displayed in a format like 123456 (hex number). As a result, I think only showing hex is fine.
Bug Description
istioctl outputs the cert serial numbers as ints. Example:
$ istioctl pc secret deploy/httpbin RESOURCE NAME TYPE STATUS VALID CERT SERIAL NUMBER NOT AFTER NOT BEFORE ROOTCA CA ACTIVE true 189528483449735573061036961712154224034 2033-02-28T22:52:30Z 2023-03-03T22:52:30Z
Since the actual cert shows the serial number in hex (e.g.
8e:95:db:b0:4f:26:a3:9b:33:25:2a:a8:51:32:25:a2
) it would make sense to show it in a similar format in istioctl, unless there's a reason why%d
(not%x
) is used when writing out the value.Version
Additional Information
No response
The text was updated successfully, but these errors were encountered: