advancedtls: populate verified chains when using custom buildVerifyFunc #7181
Conversation
|
My local testing shows it ok though grpc-go/test/xds @ramesh-937457-0.sjc% go test Is there a way to trigger the re-test of it? |
|
@purnesh42H any documentation on who and how to add LABEL, MILESTONE so that all checks on this pull request will pass ? right now Mergeable is failing for missing LABEL, MILESTONE |
|
@mudhireddy I have assigned it to myself. I will discuss with other maintainers and update you back. Thanks! |
There was a problem hiding this comment.
Thanks for the PR! In general looks good, one big comment about where we set the value.
I'm reasoning through a few things on the overall code flow to make sure this wouldn't have any risk of leaking cert chains around if someone used the same credential with multiple connections - I'll update here when I'm done looking through that.
In the meanwhile, could you add tests that validate the expected behaviors here?
Also just curious, what is your use case for this?
dfawley
changed the title
Added tests. Reg use case we use the CommonName details from VerifiedChains |
|
@dfawley can you review this or assign to another go team member? |
|
@dfawley @gtcooke94, can I please get approval for this PR to merge ? |
|
Thank you guys for the review and approval. @gtcooke94, I see that it is still open, is it going to auto merge or do I need to do anything for it to merge ? |
| @@ -35,6 +35,8 @@ import ( | |||
| credinternal "google.golang.org/grpc/internal/credentials" | |||
| ) | |||
|
|
|||
| type CertificateChains [][]*x509.Certificate | |||
There was a problem hiding this comment.
Since this is an exported type, it should have a doc string.
This request is to address the issue opened #7176
Basically this patch will set the verifiedChains correctly when advancedtls package is used with buildVerifyFunc() and applications need to access TLSInfo.State.VerifiedChains in their logic.
RELEASE NOTES: none