Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rotate certificate upon valid principals change. #2812

Merged
merged 1 commit into from
Jun 28, 2019
Merged

Rotate certificate upon valid principals change. #2812

merged 1 commit into from
Jun 28, 2019

Conversation

russjones
Copy link
Contributor

Description

Ignore 0.0.0.0 when checking if certificate needs to be rotated.

klizhentas
klizhentas reviewed Jun 28, 2019
View reviewed changes
lib/service/connect.go Outdated Show resolved Hide resolved
@russjones
Rotate certificate upon valid principals change.
39464aa 
Ignore 0.0.0.0 when checking if certificate needs to be rotated.
klizhentas
klizhentas reviewed Jun 28, 2019
View reviewed changes
lib/service/connect.go
// updated, the list of principals (SSH) or DNS names (TLS) on the
// certificate need to be updated.
if len(additionalPrincipals) != 0 && !conn.ServerIdentity.HasPrincipals(principalsToCheck) {
principalsChanged = true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if all you care about is that the certificates have changed, you can return here, and avoid the extra variable?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's for logging purposes, so we can debug what changed (was it SSH or TLS or both).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gotcha

klizhentas
klizhentas reviewed Jun 28, 2019
View reviewed changes
lib/service/connect.go
additionalPrincipals, conn.ServerIdentity.Cert.ValidPrincipals)
}
if len(dnsNames) != 0 && !conn.ServerIdentity.HasDNSNames(dnsNames) {
dnsNamesChanged = true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto here?

@russjones russjones merged commit c19765a into master Jun 28, 2019
@russjones russjones deleted the rjones/refix-rotate branch June 28, 2019 23:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@klizhentas klizhentas klizhentas approved these changes

@fspmarshall fspmarshall Awaiting requested review from fspmarshall

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@russjones @klizhentas