open-consul/lib
Freddy 6ef38eaea7
Configure upstream TLS context with peer root certs (#13321)
For mTLS to work between two proxies in peered clusters with different root CAs,
proxies need to configure their outbound listener to use different root certificates
for validation.

Up until peering was introduced, proxies would only ever use one set of root certificates
to validate all mesh traffic, both inbound and outbound. Now an upstream proxy
may have a leaf certificate signed by a CA that's different from the dialing proxy's.

This PR makes changes to proxycfg and xds so that the upstream TLS validation
uses different root certificates depending on which cluster is being dialed.
2022-06-01 15:53:52 -06:00
decode lib/decode: fix hook to work with embedded squash struct 2021-09-22 13:22:16 -04:00
file bulk rewrite using this script 2022-01-20 10:46:23 -06:00
maps peering: replicate discovery chains information to importing peers 2022-05-19 14:21:44 -05:00
mutex lib/mutex: add mutex with TryLock and update vendor 2021-01-25 18:01:47 -05:00
retry Remove unused constant in retry.go 2022-05-17 15:34:04 -04:00
routine routine: fix that acl stops replicating after regaining leadership (#12295) (#12565) 2022-04-05 14:17:53 -04:00
semaphore testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
serf Add per-agent reconnect timeouts (#8781) 2020-10-08 15:02:19 -04:00
stringslice auto-reload configuration when config files change (#12329) 2022-03-31 15:11:49 -04:00
template Agent Auto Configuration: Configuration Syntax Updates (#8003) 2020-06-16 15:03:22 -04:00
ttlcache remove remaining shim runStep functions (#13015) 2022-05-10 16:24:45 -05:00
cluster.go Update cluster.go 2017-10-30 16:51:28 -07:00
cluster_test.go Integer division rounding to zero for rate scaling 2017-10-30 16:46:11 -07:00
eof.go Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
eof_test.go Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
glob.go Add IAM Auth Method (#12583) 2022-03-31 10:18:48 -05:00
glob_test.go Add IAM Auth Method (#12583) 2022-03-31 10:18:48 -05:00
json.go Add Namespace support to the API module and the CLI commands (#6874) 2019-12-06 11:14:56 -05:00
map_walker.go Allow MapWalk to handle []interface{} elements that are []uint8 (#5800) 2019-05-07 11:40:48 -04:00
map_walker_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
math.go Filter wildcard gateway services to match listener protocol 2020-05-06 15:06:13 -05:00
math_test.go Filter wildcard gateway services to match listener protocol 2020-05-06 15:06:13 -05:00
path.go Adds basic support for node IDs. 2017-01-17 22:47:59 -08:00
rand.go Use a cryptographically secure seed 2016-05-02 23:52:37 -07:00
rtt.go remove golint warnings 2018-01-28 22:40:13 +04:00
rtt_test.go Replace goe/verify.Values with testify/require.Equal (#7993) 2020-06-02 12:41:25 -04:00
stop_context.go fix typos reported by golangci-lint:misspell (#5434) 2019-03-06 11:13:28 -06:00
stop_context_test.go Add test to ensure the StopChannelContext works properly 2020-06-24 12:34:57 -04:00
strings.go Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
telemetry.go telemetry: remove unused arg (#13161) 2022-05-19 19:17:30 -07:00
telemetry_test.go telemetry: remove unused arg (#13161) 2022-05-19 19:17:30 -07:00
translate.go config: use the new HookTranslateKeys instead of lib.TranslateKeys 2020-05-27 16:24:47 -04:00
translate_test.go Make a few config entry endpoints return 404s and allow for snake_case and lowercase key names. (#5748) 2019-04-30 18:19:19 -04:00
useragent.go Add a helper for generating Consul's user-agent string 2018-05-25 15:50:18 -04:00
useragent_test.go Add a helper for generating Consul's user-agent string 2018-05-25 15:50:18 -04:00
uuid.go New ACLs (#4791) 2018-10-19 12:04:07 -04:00