authorize: do not rely on Envoy client cert validation #4438

Merged
merged 2 commits into from Aug 3, 2023

Conversation

kenjenkins
Contributor

Summary

Partially revert #4374: do not record the peerCertificateValidated() result as reported by Envoy, as this does not work correctly for resumed TLS sessions. Instead always record the certificate chain as presented by the client. Remove the corresponding ClientCertificateInfo Validated field, and update affected code accordingly.

Related issues

#4396, #4257

User Explanation

Checklist

  • reference any related issues
  • updated docs
  • updated unit tests
  • updated UPGRADING.md
  • add appropriate tag (improvement / bug / etc)
  • ready for review

Partially revert #4374: do not record the peerCertificateValidated()
result as reported by Envoy, as this does not work correctly for resumed
TLS sessions. Instead always record the certificate chain as presented
by the client. Remove the corresponding ClientCertificateInfo Validated
field, and update affected code accordingly.
@kenjenkins kenjenkins requested a review from a team as a code owner August 3, 2023 15:14
@coveralls

Coverage Status

coverage: 63.62% (-0.03%) from 63.649% when pulling 345b24f on kenjenkins/revert-envoy-validated into 465de43 on main.

@kenjenkins kenjenkins merged commit e91600c into main Aug 3, 2023
9 checks passed
@kenjenkins kenjenkins deleted the kenjenkins/revert-envoy-validated branch August 3, 2023 17:45
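
The approach named in the summary (keep the chain as the client presented it rather than a proxy-reported validation result) leaves the chain check to the service itself. The Go sketch below is an added example, not code from this pull request or its project: it verifies a presented PEM chain against a trusted CA bundle on every call. `VerifyPresentedChain` and `NewSampleCert` are hypothetical names, the certificates are constructed sample data, and the chain is assumed to arrive as PEM with the leaf first.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// VerifyPresentedChain checks the PEM chain a client sent (leaf first) against
// the trusted CA bundle. No proxy-supplied "validated" flag is consulted.
func VerifyPresentedChain(chainPEM, trustedCAPEM []byte, now time.Time) error {
	block, _ := pem.Decode(chainPEM) // the first PEM block is the leaf
	if block == nil {
		return errors.New("no client certificate presented")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AppendCertsFromPEM(trustedCAPEM) // an empty pool fails closed in Verify
	inter.AppendCertsFromPEM(chainPEM)     // later blocks act as intermediates
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter,
		CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// NewSampleCert issues a constructed sample certificate; a nil parent yields a self-signed CA.
func NewSampleCert(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true, IsCA: parent == nil}
	if parent == nil {
		parent, parentKey = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	ca, caKey, caPEM := NewSampleCert("constructed CA", nil, nil)
	_, _, chain := NewSampleCert("constructed client", ca, caKey)
	println("accepted:", VerifyPresentedChain(chain, caPEM, time.Now()) == nil)
}
```

Because the decision depends only on the presented bytes and the configured CA bundle, it comes out the same whether the TLS session was a full handshake or a resumption.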