[platform] Add support to use chained certificates in platform. #8789
Arnav15 added a commit that referenced this issue Jun 9, 2021

Summary: The platform worked under the assumption that each certificate input will be a single certificate object, which is an incorrect assumption in most situations, since this will not be the case in most situations. We will almost always have a certificate chain with an intermediate and a root. This diff ensures we respect all certificates being sent as input while uploading the certificate content, as well as it ensures that the yb-client uses all certs present in the file for the trust store.

Test Plan: yb-client: Added a unit test. platform: 1) Added a unit test. 2) Verified via the cloud workflow. Sent a chain of self-signed certificates to use for generating the server certificates, and verified the universe creation worked as expected.

Reviewers: hkandala, sanketh
Reviewed By: sanketh
Subscribers: jenkins-bot, asingh, yugaware
Differential Revision: https://phabricator.dev.yugabyte.com/D11839
hkandala pushed a commit that referenced this issue Jul 27, 2021

…m/yb-client.

Summary: The platform worked under the assumption that each certificate input will be a single certificate object, which is an incorrect assumption in most situations, since this will not be the case in most situations. We will almost always have a certificate chain with an intermediate and a root. This diff ensures we respect all certificates being sent as input while uploading the certificate content, as well as it ensures that the yb-client uses all certs present in the file for the trust store.

Original diff: https://phabricator.dev.yugabyte.com/D11839
Original commit: 930d103

Test Plan: Jenkins: rebase: 2.6 yb-client: Added a unit test. platform: 1) Added a unit test. 2) Verified via the cloud workflow. Sent a chain of self-signed certificates to use for generating the server certificates, and verified the universe creation worked as expected.

Reviewers: sanketh, arnav
Reviewed By: arnav
Subscribers: yugaware, asingh, jenkins-bot
Differential Revision: https://phabricator.dev.yugabyte.com/D12384
hkandala pushed a commit that referenced this issue Jul 29, 2021

…m/yb-client.

Summary: The platform worked under the assumption that each certificate input will be a single certificate object, which is an incorrect assumption in most situations, since this will not be the case in most situations. We will almost always have a certificate chain with an intermediate and a root. This diff ensures we respect all certificates being sent as input while uploading the certificate content, as well as it ensures that the yb-client uses all certs present in the file for the trust store.

Original diff: https://phabricator.dev.yugabyte.com/D11839
Original commit: 930d103
Few dependencies from this commit (37cf988) are also included

Test Plan: Jenkins: rebase: 2.4 yb-client: Added a unit test. platform: 1) Added a unit test. 2) Verified via the cloud workflow. Sent a chain of self-signed certificates to use for generating the server certificates, and verified the universe creation worked as expected.

Reviewers: arnav, sanketh
Reviewed By: arnav
Subscribers: hsu, yugaware, asingh, jenkins-bot
Differential Revision: https://phabricator.dev.yugabyte.com/D12412
Currently, the platform code worked under the assumption that the certificate entries in the input will be single certificates, which is not extendable since most of the time there will be a cert chain being provided.
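The single-certificate assumption described in this issue, as an added example in Go (standard library only; this is not code from the YugabyteDB platform or yb-client). It builds a trust store from an uploaded PEM bundle twice, once keeping only the first certificate and once keeping the whole chain, and checks a server certificate against each. The helper names `issue` and `trusts`, the certificate names, and the root-then-intermediate order of the bundle are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed test certificate for cn signed by parent (nil parent: self-signed).
func issue(cn string, isCA bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, IsCA: isCA, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// trusts reports whether leaf verifies against a trust store built from bundle.
// firstOnly keeps just the first PEM block, i.e. the single-certificate assumption.
func trusts(bundle []byte, firstOnly bool, leaf *x509.Certificate) bool {
	pool := x509.NewCertPool()
	if blk, _ := pem.Decode(bundle); firstOnly && blk != nil {
		bundle = pem.EncodeToMemory(blk)
	}
	pool.AppendCertsFromPEM(bundle) // adds every CERTIFICATE block it finds
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool})
	return err == nil
}

func main() {
	root, rk, rootPEM := issue("constructed-root", true, nil, nil)
	mid, mk, midPEM := issue("constructed-intermediate", true, root, rk)
	leaf, _, _ := issue("constructed-server", false, mid, mk)
	bundle := append(rootPEM, midPEM...) // constructed chain file: root, then intermediate
	fmt.Println(trusts(bundle, true, leaf), trusts(bundle, false, leaf)) // false true
}
```

With only the first entry loaded, the server certificate issued by the intermediate has no path to a trusted certificate; loading every entry in the file restores the path.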