luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent/config
History
Hans Hasselberg 315ba7d6ad
connect: check if intermediate cert needs to be renewed. (#6835) 
Currently when using the built-in CA provider for Connect, root certificates are valid for 10 years, however secondary DCs get intermediates that are valid for only 1 year. There is no mechanism currently short of rotating the root in the primary that will cause the secondary DCs to renew their intermediates.
This PR adds a check that renews the cert if it is half way through its validity period.

In order to be able to test these changes, a new configuration option was added: IntermediateCertTTL which is set extremely low in the tests.
 		2020-01-17 23:27:13 +01:00
..
builder.go connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
builder_oss.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
config.go auto_encrypt: set dns and ip san for k8s and provide configuration (#6944) 2020-01-17 23:25:26 +01:00
config_oss.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
default.go agent: configurable MaxQueryTime and DefaultQueryTime. (#3777) 2020-01-17 14:20:57 +01:00
default_oss.go OSS changes to allow for parsing the enterprise DNS config prop… (#6959) 2019-12-18 10:16:35 -05:00
doc.go
flags.go agent: configurable MaxQueryTime and DefaultQueryTime. (#3777) 2020-01-17 14:20:57 +01:00
flags_test.go
flagset.go
merge.go
merge_test.go
runtime.go auto_encrypt: set dns and ip san for k8s and provide configuration (#6944) 2020-01-17 23:25:26 +01:00
runtime_oss.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
runtime_oss_test.go OSS changes to allow for parsing the enterprise DNS config prop… (#6959) 2019-12-18 10:16:35 -05:00
runtime_test.go connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
segment_oss.go
segment_oss_test.go