open-nomad/.semgrep
Luiz Aoqui 0e09b120e4
fix mTLS certificate check on agent to agent RPCs (#11998)
PR #11956 implemented a new mTLS RPC check to validate the role of the
certificate used in the request, but further testing revealed two flaws:

  1. client-only endpoints did not accept server certificates so the
     request would fail when forwarded from one server to another.
  2. the certificate was being checked after the request was forwarded,
     so the check would happen over the server certificate, not the
     actual source.

This commit checks for the desired mTLS level, where the client level
accepts both, a server or a client certificate. It also validates the
certificate before the request is forwarded.
2022-02-04 20:35:20 -05:00
..
changelog.yml ci: add semgrep (#11934) 2022-01-26 16:32:47 -05:00
go_tests.yml ci: add semgrep (#11934) 2022-01-26 16:32:47 -05:00
rpc_endpoint.yml fix mTLS certificate check on agent to agent RPCs (#11998) 2022-02-04 20:35:20 -05:00
time_after.yml add semgrep rule to check for potential time.After leaks (#12001) 2022-02-03 17:33:07 -05:00