Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implemented TLS client certificate authentication #86

Merged
merged 2 commits into from
Apr 20, 2020
Merged

Implemented TLS client certificate authentication #86

merged 2 commits into from
Apr 20, 2020

Conversation

Fluepke
Copy link
Contributor

@Fluepke Fluepke commented Feb 21, 2020

Proposed changes

Implemented options to specify:

  • a client certificate (and key) in PEM format to authenticate against the server
  • a CA certificate in PEM format to authenticate the server

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING guide
  • I have proven my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have ensured the README is up to date
  • I have rebased my branch onto master
  • I will ensure my PR is targeting the master branch and pulling from my branch on my own fork

@pleshakov
Copy link
Contributor

@Fluepke thx for the PR! we'll review it and get back to you shortly

@pleshakov pleshakov added the enhancement Pull requests for new features/feature enhancements label Feb 26, 2020
pleshakov
pleshakov reviewed Feb 26, 2020
View reviewed changes
Copy link
Contributor

@pleshakov pleshakov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @Fluepke!

The PR looks good! I found a small problem -- please see my comment.

Additionally, could you possibly run gofmt against the code as it is not properly formatted?

exporter.go Outdated
log.Fatalf("Loading CA cert failed: %v", err)
}
sslCaCertPool := x509.NewCertPool()
sslCaCertPool.AppendCertsFromPEM(caCert)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AppendCertsFromPEM function reports whether any certificates were successfully parsed in a boolean returned argument. Could you possible check that result and fatal with an error if there is a problem?

lucacome
lucacome requested changes Feb 26, 2020
View reviewed changes
Copy link
Member

@lucacome lucacome left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good @Fluepke! Just a small suggestion.

exporter.go Outdated Show resolved Hide resolved
@lucacome
Copy link
Member

Hi @Fluepke

just wanted to check if you're planning to address our suggestions or if you want us to take over the PR 🙂

Thanks

lucacome
lucacome approved these changes Apr 20, 2020
View reviewed changes
Copy link
Member

@lucacome lucacome left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

pleshakov
pleshakov approved these changes Apr 20, 2020
View reviewed changes
Copy link
Contributor

@pleshakov pleshakov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@pleshakov pleshakov mentioned this pull request Apr 20, 2020
Closed
@lucacome lucacome merged commit 831abae into nginxinc:master Apr 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pleshakov pleshakov pleshakov approved these changes

@lucacome lucacome lucacome approved these changes

Assignees
No one assigned
Labels
enhancement Pull requests for new features/feature enhancements
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Fluepke @pleshakov @lucacome