Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/probes: Certificate expiry cannot advance on reload #16840

Closed
BenPope opened this issue Mar 1, 2024 · 0 comments · Fixed by #17233
Closed

net/probes: Certificate expiry cannot advance on reload #16840

BenPope opened this issue Mar 1, 2024 · 0 comments · Fixed by #17233
Assignees
@oleiman
Labels
area/metrics area/net Networking and RPC kind/bug Something isn't working sev/medium Bugs that do not meet criteria for high or critical, but are more severe than low.

Comments

@BenPope
Copy link
Member

BenPope commented Mar 1, 2024

Version & Environment

Redpanda version: v23.3.1+

What went wrong?

Reloading a certificate doesn't advance the expiry time.

What should have happened instead?

Metric should update to the new expiry.

How to reproduce the issue?

  1. Start Redpanda with a certificate (ca or server) that expires at x
  2. Replace the certificate with an expiry of y > x
  3. Observe metric says that expiry is still x

Fix the code

_cert_expiry_time and _ca_expiry_time should be reset near the beginning, but it should also be fail safe, so the instinctive choice of setting it to time_point::max() is probably not ideal.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@oleiman oleiman

Labels
area/metrics area/net Networking and RPC kind/bug Something isn't working sev/medium Bugs that do not meet criteria for high or critical, but are more severe than low.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

TLS Metrics: Ensure that recorded expiries advance on credentials reload oleiman/redpanda
3 participants
@BenPope @oleiman @michael-redpanda