tls: Add subjectLocalCertificate to get local cert subject.#2319
tls: Add subjectLocalCertificate to get local cert subject.#2319mattklein123 merged 4 commits intoenvoyproxy:masterfrom colabsaumoh:ssl-local-subject
Conversation
Signed-off-by: Saurabh Mohan <saurabh+github@tigera.io>
mattklein123
left a comment
mattklein123
left a comment
There was a problem hiding this comment.
Looks reasonable to me. @ggreenway or @PiotrSikora any comments?
|
@saumoh please merge master and fix tests also. |
ggreenway
left a comment
ggreenway
left a comment
There was a problem hiding this comment.
LGTM, with one possible comment/doc improvement.
| virtual std::string uriSanLocalCertificate() PURE; | ||
|
|
||
| /** | ||
| * @return the subject field of the local certificate in RFC 2253 format. Returns "" if there is |
There was a problem hiding this comment.
+1 on citing the RFC in the comment. Can you please also put a simple example value, so I don't have to look up the RFC to know approximately what this function returns?
There was a problem hiding this comment.
@saumoh Can you either make the doc change here or comment on why it's not a good idea?
There was a problem hiding this comment.
@ggreenway I should have mentioned that i added some sample values in one of the follow up commits.
409f159#diff-ded6386c66f63a1375432303053ca7eeR290
Signed-off-by: Saurabh Mohan <saurabh+github@tigera.io>
Signed-off-by: Saurabh Mohan <saurabh+github@tigera.io>
Signed-off-by: Saurabh Mohan <saurabh+github@tigera.io>
|
@ggreenway @mattklein123 Thx for the review. i've addressed review feedback and tests are passing now :-) |
* working except -id * add logs * review comments
Description: Updates the exposed KeyValueStore type to be a more traditional implementable interface, and provides a simple persisting implementation based on Android SharedPreferences. Risk: Low Testing: Application Signed-off-by: Mike Schore <mike.schore@gmail.com> Signed-off-by: JP Simard <jp@jpsim.com>
Description: Updates the exposed KeyValueStore type to be a more traditional implementable interface, and provides a simple persisting implementation based on Android SharedPreferences. Risk: Low Testing: Application Signed-off-by: Mike Schore <mike.schore@gmail.com> Signed-off-by: JP Simard <jp@jpsim.com>
3 participants
Description:
Add subjectLocalCertificate().
In filling out the external auth proto's Principal It may be required that the local certificates subject needs to be used.
Here I am adding the missing api that in tls/ssl so that the value may be extracted from the certificate.
See also #2291
Risk Level: Low
Testing:
Wrote ut that test the subjects in ssl (local and peer). Also added test to check for local SAN.
Docs Changes:
N/A
Release Notes:
N/A