open-consul/connect
Matt Keeler 62c631368d
Connect: Verify the leaf cert to determine its readiness. (#4540)
This improves the checking so that if a certificate were to expire or the roots changed then we will go into a non-ready state.

This parses the x509 certificates from the TLS certificate when the leaf is set. The readyCh will be closed whenever a parseable certificate is set and the ca roots are set. This does not mean that the certificate is valid but that it has been setup and is generally valid. The Ready function will now do x509 certificate verification which will in addition to verifying the signatures with the installed CA roots will also verify the certificate isn't expired or not set to become valid in the future. 

The correct way to use these functions is to wait for the ReadyWait chan to be closed and then periodically check the readiness to determine if the certificate is currently useable.
2018-09-07 10:58:06 -04:00
..
certgen Rework connect/proxy and command/connect/proxy. End to end demo working again 2018-06-14 09:41:57 -07:00
proxy Fixed flaky tests (#4626) 2018-09-04 12:31:51 +01:00
example_test.go connect.Service based implementation after review feedback. 2018-06-14 09:41:56 -07:00
resolver.go Implement missing HTTP host to ConsulResolver func for Connect SDK. 2018-07-13 22:39:18 +01:00
resolver_test.go Implement missing HTTP host to ConsulResolver func for Connect SDK. 2018-07-13 22:39:18 +01:00
service.go Connect: Verify the leaf cert to determine its readiness. (#4540) 2018-09-07 10:58:06 -04:00
service_test.go Fixed flaky tests (#4626) 2018-09-04 12:31:51 +01:00
testing.go TLS watching integrated into Service with some basic tests. 2018-06-14 09:42:07 -07:00
tls.go Connect: Verify the leaf cert to determine its readiness. (#4540) 2018-09-07 10:58:06 -04:00
tls_test.go Connect: Verify the leaf cert to determine its readiness. (#4540) 2018-09-07 10:58:06 -04:00