Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test x509 intermediates correctly #34524

Merged
merged 1 commit into from
Oct 12, 2016
Merged

Test x509 intermediates correctly #34524

merged 1 commit into from
Oct 12, 2016

Conversation

liggitt
Copy link
Member

@liggitt liggitt commented Oct 11, 2016
edited by jessfraz
Loading

Fixes #34517

Test x509 intermediates correctly

This change is Reviewable

@k8s-github-robot k8s-github-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. release-note-label-needed labels Oct 11, 2016
@liggitt liggitt added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-label-needed labels Oct 11, 2016
liggitt
liggitt commented Oct 11, 2016
View reviewed changes
plugin/pkg/auth/authenticator/request/x509/x509.go
return nil, false, nil
}

// Use intermediates, if provided
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see https://golang.org/src/crypto/tls/handshake_server.go, processCertsFromClient for how the stdlib verifies the cert chain

only the leaf cert is verified, the remaining certs are client-supplied intermediates

@liggitt liggitt mentioned this pull request Oct 11, 2016
Closed
@liggitt liggitt mentioned this pull request Oct 11, 2016
Merged
@deads2k
Copy link
Contributor

deads2k commented Oct 11, 2016

lgtm. Tests aren't green though. Straight picks don't me to look at them again.

@deads2k deads2k added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 11, 2016
@liggitt
Copy link
Member Author

liggitt commented Oct 12, 2016
edited
Loading

flake #33388
@k8s-bot gce e2e test this

@liggitt liggitt added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Oct 12, 2016
@liggitt liggitt modified the milestone: v1.5 Oct 12, 2016
@k8s-github-robot
Copy link

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit ec6aba9 into kubernetes:master Oct 12, 2016
@liggitt liggitt deleted the x509-chain branch October 12, 2016 03:59
k8s-github-robot pushed a commit that referenced this pull request Oct 12, 2016
Merge pull request #34527 from liggitt/automated-cherry-pick-of-#3452…
b2e8638 
…4-upstream-release-1.4

Automatic merge from submit-queue

Automated cherry pick of #34524

Cherry pick of #34524 on release-1.4.

#34524: Test x509 intermediates correctly
@jessfraz jessfraz added cherrypick-candidate cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. labels Oct 12, 2016
@jessfraz jessfraz added this to the v1.4 milestone Oct 12, 2016
@k8s-cherrypick-bot
Copy link

Removing label cherrypick-candidate because no release milestone was set. This is an invalid state and thus this PR is not being considered for cherry-pick to any release branch. Please add an appropriate release milestone and then re-add the label.

@liggitt liggitt mentioned this pull request Oct 20, 2016
Merged
krousey referenced this pull request Oct 20, 2016
@krousey
Merge pull request #35212 from liggitt/automated-cherry-pick-of-#3452…
575c901 
…4-upstream-release-1.3

Automated cherry pick of #35212 

Manual merge because submit queue is blocked due to unrelated breakages on a branch that this isn't even merging into, and because this is a critical fix.
@liggitt liggitt mentioned this pull request Oct 21, 2016
Merged
roberthbailey added a commit that referenced this pull request Oct 21, 2016
@roberthbailey
Merge pull request #35260 from liggitt/automated-cherry-pick-of-#3452…
fac1222 
…4-upstream-release-1.2

Automated cherry pick of #34524
shyamjvs pushed a commit to shyamjvs/kubernetes that referenced this pull request Dec 1, 2016
Merge pull request kubernetes#34527 from liggitt/automated-cherry-pic…
97944ae 
…k-of-#34524-upstream-release-1.4

Automatic merge from submit-queue

Automated cherry pick of kubernetes#34524

Cherry pick of kubernetes#34524 on release-1.4.

kubernetes#34524: Test x509 intermediates correctly
shyamjvs referenced this pull request in shyamjvs/kubernetes Dec 1, 2016
@krousey
Merge pull request kubernetes#35212 from liggitt/automated-cherry-pic…
26dcf10 
…k-of-#34524-upstream-release-1.3

Automated cherry pick of kubernetes#35212 

Manual merge because submit queue is blocked due to unrelated breakages on a branch that this isn't even merging into, and because this is a critical fix.
shyamjvs pushed a commit to shyamjvs/kubernetes that referenced this pull request Dec 1, 2016
@roberthbailey
Merge pull request kubernetes#35260 from liggitt/automated-cherry-pic…
43fbe7b 
…k-of-#34524-upstream-release-1.2

Automated cherry pick of kubernetes#34524
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@erictune erictune

@deads2k deads2k

Labels
cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.4
Development

Successfully merging this pull request may close these issues.
7 participants
@liggitt @deads2k @k8s-github-robot @k8s-cherrypick-bot @jessfraz @googlebot @erictune