Bug 1843856: Sanitize TLS config that has key bundled with cert #136

Commits on Jul 9, 2020

  1. Sanitize TLS config that has key bundled with cert

    Modify the extended validation logic to copy any private key found in the
    certificate field of a route's TLS configuration to its key field.
    
    Extended validation validates a route's TLS configuration using any key
    that is specified in either the TLS configuration's certificate field or
    its key field.  As a result, a route that specifies the certificate and key
    together in the certificate field may pass extended validation and be
    admitted.  However, the certificate manager only wrote the certificate out
    if the TLS configuration had a nonempty key field.  As a result, a route
    with a valid certificate and key could be admitted but the certificate and
    key not written out, which would cause HAProxy to fail to load.
    
    This commit fixes bug 1843856.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1843856
    
    * pkg/router/routeapihelpers/validation.go (splitCertKey): New function.
    Take sanitized PEM data and split it into public and private parts.
    (ExtendedValidateRoute): Use splitCertKey to parse out any private parts
    that are in the certificate field of the TLS configuration.  Prepend any
    private parts found in the certificate data to the TLS configuration's key.
    * pkg/router/routeapihelpers/validation_test.go: Add test cases.
    Miciah committed Jul 9, 2020
    2dfa244
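
The failure mode and fix described in the commit message above, sketched as an added Go example; it is not the project's own code. `TLSConfig`, `splitPEM`, `sanitize` and `wouldBeWritten` are hypothetical names, the PEM bodies are constructed placeholders, and classifying blocks by the `PRIVATE KEY` type suffix is an assumption.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strings"
)

// Constructed placeholder PEM blocks (not real certificate or key material).
const certPEM = "-----BEGIN CERTIFICATE-----\nY29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n"
const keyPEM = "-----BEGIN PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n-----END PRIVATE KEY-----\n"

// TLSConfig is a hypothetical stand-in for a route's TLS configuration.
type TLSConfig struct{ Certificate, Key string }

// splitPEM walks every PEM block in data and separates private-key blocks
// from everything else. Matching on the "PRIVATE KEY" suffix is an assumption.
func splitPEM(data []byte) (public, private []byte) {
	for {
		block, rest := pem.Decode(data)
		if block == nil {
			return public, private
		}
		if strings.HasSuffix(block.Type, "PRIVATE KEY") {
			private = append(private, pem.EncodeToMemory(block)...)
		} else {
			public = append(public, pem.EncodeToMemory(block)...)
		}
		data = rest
	}
}

// wouldBeWritten models the behaviour the commit message describes: the
// certificate is only written out when the key field is nonempty.
func wouldBeWritten(cfg TLSConfig) bool { return cfg.Key != "" }

// sanitize prepends any private key found in the certificate field to the
// key field, so an admitted route always has a key to write out.
func sanitize(cfg TLSConfig) TLSConfig {
	_, private := splitPEM([]byte(cfg.Certificate))
	cfg.Key = string(private) + cfg.Key
	return cfg
}

func main() {
	bundled := TLSConfig{Certificate: certPEM + keyPEM}
	fmt.Println("written before sanitize:", wouldBeWritten(bundled))
	fmt.Println("written after sanitize: ", wouldBeWritten(sanitize(bundled)))
}
```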