Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only check validity of certs in the chain of the node certificates #4979

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Only check validity of certs in the chain of the node certificates #4979

wants to merge 1 commit into from

Conversation

cwperks
Copy link
Member

@cwperks cwperks commented Dec 20, 2024
edited
Loading

Description

This PR updates the certificate validation checks on bootup to limit validation to only the certificates within the chain of the node certificates. In 2.18.0 there was a change that validated all certificates contained in a bundle even if they were not part of the chain from the node certificates. Since those certs are not pertinent to OpenSearch, the validation does not need to occur.

Opening this in Draft as POC to start soliciting some feedback. Automated tests need to be added for different scenarios.

  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Bug fix

Issues Resolved

Related issue: #4949

See discussion on forum: https://forum.opensearch.org/t/is-this-an-issue-with-opensearch-or-the-security-plugin-upgrading-from-2-17-1-to-2-18-0/22395

Check List

  • New functionality includes testing
  • New functionality has been documented
  • New Roles/Permissions have a corresponding security dashboards plugin PR
  • API changes companion pull request created
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@cwperks cwperks changed the title Only check validate of certs in the chain of the node certificates Only check validity of certs in the chain of the node certificates Dec 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DarshitChanpura DarshitChanpura Awaiting requested review from DarshitChanpura DarshitChanpura will be requested when the pull request is marked ready for review DarshitChanpura is a code owner

@derek-ho derek-ho Awaiting requested review from derek-ho derek-ho will be requested when the pull request is marked ready for review derek-ho is a code owner

@nibix nibix Awaiting requested review from nibix nibix will be requested when the pull request is marked ready for review nibix is a code owner

@peternied peternied Awaiting requested review from peternied peternied will be requested when the pull request is marked ready for review peternied is a code owner

@RyanL1997 RyanL1997 Awaiting requested review from RyanL1997 RyanL1997 will be requested when the pull request is marked ready for review RyanL1997 is a code owner

@reta reta Awaiting requested review from reta reta will be requested when the pull request is marked ready for review reta is a code owner

@willyborankin willyborankin Awaiting requested review from willyborankin willyborankin will be requested when the pull request is marked ready for review willyborankin is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@cwperks