Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go/common/identity: Save re-generated sentry client and node's persistent TLS certificate #4382

Merged
merged 2 commits into from
Mar 31, 2022
Merged

go/common/identity: Save re-generated sentry client and node's persistent TLS certificate #4382

merged 2 commits into from
Mar 31, 2022

Conversation

tjanez
Copy link
Member

@tjanez tjanez commented Nov 30, 2021
edited
Loading

Sentry client TLS certificate is always re-generated from the private key when the Oasis Node starts.

Previously, the re-generated sentry client TLS certificate was not saved to disk, which caused confusion since the on-disk certificate file (i.e. sentry_client_tls_identity_cert.pem) had incorrect/outdated expiry date.

Also, save re-generated node's persistent TLS certificate. If a node's TLS certificate is persistent, it is always re-generated from the private key when the Oasis Node starts.

Previously, the re-generated node's persistent TLS certificate was not saved to disk, which caused confusion since the on-disk certificate file (i.e. tls_identity_cert.pem) had incorrect/outdated expiry date.

@tjanez tjanez mentioned this pull request Nov 30, 2021
Closed
@tjanez tjanez force-pushed the tjanez/sentry-client-cert-save branch 2 times, most recently from 1dad914 to ca993a4 Compare March 30, 2022 21:50
@tjanez tjanez changed the title go/common/identity: Save re-generated sentry client TLS certificate go/common/identity: Save re-generated sentry client and node's persistent TLS certificate Mar 30, 2022
@tjanez tjanez marked this pull request as ready for review March 30, 2022 21:53
@tjanez tjanez requested a review from kostko March 31, 2022 08:42
@codecov
Copy link

codecov bot commented Mar 31, 2022
edited
Loading

Codecov Report

Merging #4382 (ca993a4) into master (53d2644) will decrease coverage by 0.08%.
The diff coverage is 60.00%.

❗ Current head ca993a4 differs from pull request most recent head 86460bf. Consider uploading reports for the commit 86460bf to get more accurate results

@@            Coverage Diff             @@
##           master    #4382      +/-   ##
==========================================
- Coverage   67.15%   67.07%   -0.09%     
==========================================
  Files         430      430              
  Lines       48655    48653       -2     
==========================================
- Hits        32675    32632      -43     
- Misses      11961    11991      +30     
- Partials     4019     4030      +11
Impacted Files Coverage Δ
go/common/identity/identity.go 73.14% <60.00%> (-0.31%) ⬇️
go/worker/storage/committee/utils.go 92.30% <0.00%> (-7.70%) ⬇️
go/worker/storage/p2p/sync/client.go 80.64% <0.00%> (-6.46%) ⬇️
go/worker/storage/committee/node.go 75.79% <0.00%> (-3.44%) ⬇️
go/common/grpc/grpc.go 82.24% <0.00%> (-2.08%) ⬇️
...consensus/tendermint/apps/registry/transactions.go 54.83% <0.00%> (-1.69%) ⬇️
go/runtime/host/multi/multi.go 73.52% <0.00%> (-1.48%) ⬇️
.../consensus/tendermint/apps/registry/state/state.go 60.55% <0.00%> (-1.12%) ⬇️
go/roothash/api/grpc.go 45.18% <0.00%> (-0.84%) ⬇️
go/registry/api/api.go 56.69% <0.00%> (-0.76%) ⬇️
... and 13 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4c8b1c1...86460bf. Read the comment docs.

tjanez added 2 commits March 31, 2022 13:37
@tjanez
go/common/identity: Save re-generated sentry client TLS certificate
92f14a2 
Sentry client TLS certificate is always re-generated from the private
key when the Oasis Node starts.

Previously, the re-generated sentry client TLS certificate was not saved
to disk, which caused confusion since the on-disk certificate file (i.e.
sentry_client_tls_identity_cert.pem) had incorrect/outdated expiry date.
@tjanez
go/common/identity: Save re-generated node's persistent TLS certificate
86460bf 
If a node's TLS certificate is persistent, it is always re-generated
from the private key when the Oasis Node starts.

Previously, the re-generated node's persistent TLS certificate was not
saved to disk, which caused confusion since the on-disk certificate file
(i.e. tls_identity_cert.pem) had incorrect/outdated expiry date.
@tjanez tjanez force-pushed the tjanez/sentry-client-cert-save branch from ca993a4 to 86460bf Compare March 31, 2022 11:37
@tjanez tjanez enabled auto-merge March 31, 2022 11:37
@tjanez tjanez merged commit 472b406 into master Mar 31, 2022
@tjanez tjanez deleted the tjanez/sentry-client-cert-save branch March 31, 2022 12:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kostko kostko kostko approved these changes

@Yawning Yawning Awaiting requested review from Yawning

@peterjgilbert peterjgilbert Awaiting requested review from peterjgilbert peterjgilbert is a code owner

@pro-wh pro-wh Awaiting requested review from pro-wh pro-wh is a code owner

@ptrus ptrus Awaiting requested review from ptrus ptrus is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tjanez @kostko