Commit
Sanitize TLS config that has key bundled with cert
Modify the extended validation logic to copy any private key found in the certificate data of a route's TLS configuration to its key data.

Extended validation validates a route's TLS configuration using any key that is specified in either the TLS configuration's certificate data or its key data. As a result, a route that specifies the certificate and key together in the certificate data may pass extended validation and be admitted. However, the certificate manager only wrote the certificate out if the TLS configuration had nonempty key data. As a result, a route with a valid certificate and key could be admitted but the certificate and key not written out, which would cause HAProxy to fail to load.

This commit fixes bug 1843856.

https://bugzilla.redhat.com/show_bug.cgi?id=1843856

* pkg/router/routeapihelpers/validation.go (splitCertKey): New function. Take sanitized PEM data and split it into public and private parts.
(ExtendedValidateRoute): Use splitCertKey to parse out any private parts that are in the certificate data. Prepend any private parts found in the certificate data to the TLS configuration's key.
* pkg/router/routeapihelpers/validation_test.go: Add test case.
Showing 2 changed files with 70 additions and 11 deletions.
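The split-and-prepend step the commit message describes, as an added example that is not the commit's own code. The names `splitPEM`, `moveBundledKey` and `constructedPEM` are hypothetical, and the PEM bodies are constructed placeholders rather than real certificates or keys.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strings"
)

// splitPEM is a hypothetical helper (not the router's splitCertKey): it walks
// a PEM bundle and separates private-key blocks from everything else.
func splitPEM(data []byte) (public, private []byte) {
	for {
		var b *pem.Block
		b, data = pem.Decode(data)
		if b == nil {
			return public, private
		}
		// Matches "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", ...
		if strings.HasSuffix(b.Type, "PRIVATE KEY") {
			private = append(private, pem.EncodeToMemory(b)...)
		} else {
			public = append(public, pem.EncodeToMemory(b)...)
		}
	}
}

// moveBundledKey returns the certificate data without private parts and the
// key data with those private parts prepended, so a writer that only checks
// for nonempty key data still sees the key.
func moveBundledKey(cert, key string) (string, string) {
	pub, priv := splitPEM([]byte(cert))
	if len(priv) == 0 {
		return cert, key
	}
	return string(pub), string(priv) + key
}

// constructedPEM builds a placeholder block; the body is not real key material.
func constructedPEM(typ, body string) string {
	return string(pem.EncodeToMemory(&pem.Block{Type: typ, Bytes: []byte(body)}))
}

func main() {
	bundle := constructedPEM("CERTIFICATE", "constructed cert") +
		constructedPEM("RSA PRIVATE KEY", "constructed key")
	cert, key := moveBundledKey(bundle, "")
	fmt.Printf("certificate data:\n%skey data:\n%s", cert, key)
}
```

After the call, the certificate data no longer carries the private block and the key data is nonempty, which is the condition the message says the certificate manager checks before writing anything out.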