
Implement Cert Verification #75

Closed
stevenctl opened this issue Nov 9, 2022 · 2 comments
Labels
area/authentication Area: Authentication (TLS and Identity) P0 size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Comments

@stevenctl
Contributor

Currently, we present certs and encrypt, but we
do not verify the root cert or spiffe://. We must have
this on both client/server.

@stevenctl stevenctl added area/authentication Area: Authentication (TLS and Identity) P0 size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Nov 9, 2022
@stevenctl stevenctl self-assigned this Nov 14, 2022
@stevenctl
Contributor Author

Made an initial impl that seems to be broken now. The client only sees the ztunnel's own identity being presented.

@stevenctl
Contributor Author

stevenctl commented Nov 28, 2022

It was not broken, but I ran with a non-ambient version of pilot. Changed to fail fast if the CA responds with a cert that we already know we will deny later.

Projects
Status: Done