bug: ssl_certificate_authorities setting only loads the first certificate in each file. #153

Closed
jordansissel opened this Issue Oct 28, 2016 · 1 comment

jordansissel commented Oct 28, 2016

Buggy code linked here:

```java
in = new FileInputStream(certificate);
collections[i] = (X509Certificate) certificateFactory.generateCertificate(in);
```

CertificateFactory.generateCertificate(...) only returns a single X509Certificate. However, a single file can contain multiple certificates.

Fix: Use CertificateFactory.generateCertificates(...) (the plural method name) which returns an array of X509Certificate.
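The difference between the singular and plural calls, shown on an in-memory two-certificate bundle. This is an added example, not code from the issue or from logstash-input-beats; the class `CaBundleDemo` and the helpers `toPem` and `loadAll` are hypothetical, and it assumes the JDK default trust store contains at least two CA certificates to use as sample input.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class CaBundleDemo {
    // Hypothetical helper: PEM-encode one certificate so a bundle can be built in memory.
    static String toPem(X509Certificate cert) throws Exception {
        String body = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(cert.getEncoded());
        return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n";
    }

    // Hypothetical helper: return every certificate in the stream, not only the first.
    static List<X509Certificate> loadAll(InputStream in) throws Exception {
        List<X509Certificate> out = new ArrayList<>();
        for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
            out.add((X509Certificate) c);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: two CA certificates taken from the JDK default trust store
        // (assumes that store holds at least two) and concatenated into one PEM bundle.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate[] cas = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        if (cas.length < 2) throw new IllegalStateException("default trust store has fewer than two CAs");
        byte[] bundle = (toPem(cas[0]) + toPem(cas[1])).getBytes(StandardCharsets.US_ASCII);

        // Singular call, as in the issue: parses one certificate and ignores the rest of the file.
        X509Certificate first = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(bundle));
        // Plural call: yields a Collection holding both certificates.
        List<X509Certificate> all = loadAll(new ByteArrayInputStream(bundle));

        System.out.println("generateCertificate:  1 certificate, " + first.getSubjectX500Principal());
        System.out.println("generateCertificates: " + all.size() + " certificates");
        if (!first.equals(cas[0]) || all.size() != 2 || !all.contains(cas[1])) {
            throw new AssertionError("unexpected parse result");
        }
    }
}
```

With the singular call the second CA never reaches the trust store, so a client certificate issued by it fails path validation even though the bundle on disk lists its issuer.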

ph commented Oct 28, 2016

Let's make sure we also update the doc to reflect those changes.

This sentence under the certificates_authorities needs to be removed.

> This feature only supports certificates that are directly signed by your root CA. Intermediate CA are currently not supported.

ph added a commit to ph/logstash-input-beats that referenced this issue Oct 28, 2016

Fix an issue when client authentication is on and CA contains
multiple CAs

Fix an issue when using client authentication and multiple CAs defined
in the same **certificate_authorities** file. When the server read the
file it would only pick the first certificate in the file and ignore the
rest.

This problem could result in `unable to find valid certification path to
requested target` in Logstash and would refuse to let beats connect to it.

Fixes: #153