Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add additional check for old SSL certificates #1771

Merged
merged 1 commit into from
Nov 30, 2017
Merged

Add additional check for old SSL certificates #1771

merged 1 commit into from
Nov 30, 2017

Conversation

aledbf
Copy link
Member

@aledbf aledbf commented Nov 29, 2017

What this PR does / why we need it:

fixes #1770

@k8s-reviewable
Copy link

This change is Reviewable

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Nov 29, 2017
@aledbf aledbf mentioned this pull request Nov 29, 2017
Closed
@coveralls
Copy link

Coverage Status

Coverage decreased (-0.4%) to 36.841% when pulling 3ad53ec46aca6914961143bdaf2254baf6df7a35 on aledbf:verifyHostname into 37a230c on kubernetes:master.

@coveralls
Copy link

Coverage Status

Coverage decreased (-0.4%) to 36.881% when pulling 930bd7f on aledbf:verifyHostname into 37a230c on kubernetes:master.

@rikatz
Copy link
Contributor

rikatz commented Nov 30, 2017

@aledbf Tested here, it worked fine :)

Maybe we could also improve the error messages, they look pretty confuse, like:

unexpected error validating SSL certificate gestaoip-p/secret-tls for host systemx.domain.tld. Reason: x509: certificate is valid for systemx.domain.tld, not systemx.domain.tld

But I think THIS could be a TODO, so LGTM here :)

@jcmoraisjr FYI

@aledbf aledbf merged commit 5482bca into kubernetes:master Nov 30, 2017
@aledbf aledbf deleted the verifyHostname branch November 30, 2017 14:14
@cmosetick
Copy link

Has this been tested with Wildcard SSL certificates??
I'm seeing some issues with ingress nginx when Java 8 and Maven hit a ingress with a wild card certificate for a Nexus artifactory.
We were not seeing this issue with gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.15
but we have issues with gcr.io/google_containers/nginx-ingress-controller:0.9.0

@aledbf
Copy link
Member Author

aledbf commented Dec 18, 2017
edited
Loading

@cmosetick yes. Please post the log from the ingress controller and the output of
openssl x509 -in <cert> -text (remobing the cert and sensitive information)

Edit: open a new issue please

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Change in Certificate behaviour after upgrade to Go 1.9
6 participants
@aledbf @k8s-reviewable @coveralls @rikatz @cmosetick @k8s-ci-robot