Add cert authorization with common name support. #241
The yang model and service start script change in this PR: sonic-net/sonic-buildimage#18709
@@ -22,6 +22,7 @@ var ( | |||
serverKey = flag.String("server_key", "", "TLS server private key") | |||
insecure = flag.Bool("insecure", false, "Skip providing TLS cert and key, for testing only!") | |||
allowNoClientCert = flag.Bool("allow_no_client_auth", false, "When set, telemetry server will request but not require a client certificate.") | |||
clientCrtCname = flag.String("client_crt_cname", "", "Client cert common name") |
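Review bot: The help text for `client_crt_cname` ("Client cert common name") does not say what the empty default means or how the flag behaves next to `allow_no_client_auth`, which lets the server accept a connection without a client certificate. Suggest stating in the flag description whether an empty value disables the common-name check, and whether a client that presents no certificate is rejected once a name is set.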
Do we need cname for dialout server?
Reverted, confirmed with Zain, dialout is not used in prod.
t.Errorf("CommonNameMatch with empty config table should success: %v", err) | ||
} | ||
|
||
cancel() |
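Review bot: The assertion at the `t.Errorf` line pins "empty config table" to success, so the common-name check fails open when no names are configured. If that is intended, say so in a comment beside the assertion; the visible lines show no case where a non-matching common name must return an error, so a companion assertion for that would help. The message would also read better as "should succeed".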
Not aligned.
Fixed this and similar cases.
Cherry-pick to 202405 is done by PR #322
Add cert authorization with common name support.
Why I did it
Support cert authorization with common name.
How I did it
Load trusted cert common name from config DB and check cert common name.
How to verify it
Manually test.
Add new UT.
Work item tracking
Microsoft ADO (number only): 25226269
Which release branch to backport (provide reason below if selected)
Description for the changelog
Add cert authorization with common name support.
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)
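The check described under "How I did it", sketched as an added Go example; it is not the PR's code. The names `authorizeByCommonName`, `stateFor`, the `trusted` map standing in for the config DB table, and the sample common names are assumptions, and the empty-table behaviour follows the unit-test message quoted in the review above.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// authorizeByCommonName is a hypothetical helper, not the PR's function.
// trusted stands in for the common names loaded from config DB.
func authorizeByCommonName(cs tls.ConnectionState, trusted map[string]bool) error {
	// Assumption taken from the PR's unit test: an empty table means the
	// common-name check is not configured, so the call passes.
	if len(trusted) == 0 {
		return nil
	}
	// Use VerifiedChains, not PeerCertificates: a certificate that was only
	// requested and never chain-verified must not authorize anything.
	if len(cs.VerifiedChains) == 0 || len(cs.VerifiedChains[0]) == 0 {
		return errors.New("no verified client certificate")
	}
	// Index 0 of a chain is the client's leaf; CA certs further up are ignored.
	cn := cs.VerifiedChains[0][0].Subject.CommonName
	if cn == "" || !trusted[cn] {
		return fmt.Errorf("client common name %q is not trusted", cn)
	}
	return nil
}

// stateFor builds a constructed connection state for the demo; on a real
// server the TLS handshake fills these fields.
func stateFor(cn string, verified bool) tls.ConnectionState {
	leaf := &x509.Certificate{Subject: pkix.Name{CommonName: cn}}
	cs := tls.ConnectionState{PeerCertificates: []*x509.Certificate{leaf}}
	if verified {
		cs.VerifiedChains = [][]*x509.Certificate{{leaf}}
	}
	return cs
}

func main() {
	trusted := map[string]bool{"telemetry-client.example": true} // constructed name
	fmt.Println(authorizeByCommonName(stateFor("telemetry-client.example", true), trusted))
	fmt.Println(authorizeByCommonName(stateFor("other.example", true), trusted))
	fmt.Println(authorizeByCommonName(stateFor("telemetry-client.example", false), trusted))
	fmt.Println(authorizeByCommonName(stateFor("other.example", true), nil))
}
```

The third call shows why the check reads the verified chain: a certificate with a trusted name that was presented but never verified is still refused.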