Add cert authorization with common name support. #241
Merged
liuh-80 merged 18 commits into sonic-net:master from Jun 13, 2024
Contributor, Author
The yang model and service start script change in this PR: sonic-net/sonic-buildimage#18709
ganglyu reviewed Jun 5, 2024
| serverKey = flag.String("server_key", "", "TLS server private key") | ||
| insecure = flag.Bool("insecure", false, "Skip providing TLS cert and key, for testing only!") | ||
| allowNoClientCert = flag.Bool("allow_no_client_auth", false, "When set, telemetry server will request but not require a client certificate.") | ||
| clientCrtCname = flag.String("client_crt_cname", "", "Client cert common name") |
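Review bot: The help text on the `client_crt_cname` flag, "Client cert common name", does not say what an empty value means or whether the check still applies when `allow_no_client_auth` lets a client connect without a certificate. Suggest stating both in the description, for example that an empty string disables the common-name check, if that is the intent.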
Contributor
Do we need cname for dialout server?
Contributor, Author
Reverted, confirmed with Zain, dialout is not used in prod.
ganglyu reviewed Jun 5, 2024
| t.Errorf("CommonNameMatch with empty config table should success: %v", err) | ||
| } | ||
|
|
||
| cancel() |
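Review bot: The `t.Errorf` line pins that CommonNameMatch succeeds when the config table is empty, which means common-name authorization is skipped until a name is configured; a one-line comment in the test saying this is intended would help the next reader. The message itself also reads better as "should succeed".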
Contributor, Author
Fixed this and similar case
ganglyu approved these changes Jun 13, 2024
Contributor, Author
Cherry-pick to 202405 is done by PR #322
Add cert authorization with common name support.
Why I did it
Support cert authorization with common name.
How I did it
Load trusted cert common name from config DB and check cert common name.
How to verify it
Manually test.
Add new UT.
Work item tracking
Microsoft ADO (number only): 25226269
Which release branch to backport (provide reason below if selected)
Description for the changelog
Add cert authorization with common name support.
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)
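
The check described under "How I did it", written out as an added example that is not the PR's code: a Go function that matches the common name of the verified leaf certificate against a trusted list. The function names, the `trusted` map and the sample names are assumptions; passing when the list is empty follows the unit-test message quoted in the review above.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// noClientCert models a peer that completed the handshake without a certificate.
var noClientCert tls.ConnectionState

// authorizeByCommonName (hypothetical name) decides whether a TLS peer may
// proceed. trusted holds the common names loaded from configuration.
func authorizeByCommonName(state tls.ConnectionState, trusted map[string]bool) error {
	if len(trusted) == 0 {
		// Assumption taken from the PR's unit-test message: an empty
		// config table means CN authorization is off, so the check passes.
		return nil
	}
	// VerifiedChains is filled only when the handshake verified the client
	// certificate; PeerCertificates alone is not proof of identity.
	if len(state.VerifiedChains) == 0 || len(state.VerifiedChains[0]) == 0 {
		return errors.New("no verified client certificate")
	}
	// Index 0 is the leaf; the remaining entries are issuing CAs and must
	// not be matched against the trusted list.
	cn := state.VerifiedChains[0][0].Subject.CommonName
	if cn == "" || !trusted[cn] {
		return fmt.Errorf("client certificate CN %q is not trusted", cn)
	}
	return nil
}

// stateFor builds a constructed connection state (leaf + CA) for the demo;
// a real server receives it from the TLS handshake.
func stateFor(leafCN string) tls.ConnectionState {
	cert := func(cn string) *x509.Certificate {
		return &x509.Certificate{Subject: pkix.Name{CommonName: cn}}
	}
	chain := []*x509.Certificate{cert(leafCN), cert("ca.test.example")}
	return tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{chain}, PeerCertificates: chain}
}

func main() {
	trusted := map[string]bool{"client.test.example": true} // constructed sample value
	fmt.Println(authorizeByCommonName(stateFor("client.test.example"), trusted))
	fmt.Println(authorizeByCommonName(stateFor("other.test.example"), trusted))
	fmt.Println(authorizeByCommonName(noClientCert, trusted))
}
```

In a gRPC server the `tls.ConnectionState` comes from the peer's `credentials.TLSInfo`, so the same function can be called from an interceptor before the request is served.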