You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2019/03/18 18:24:16 UTC
[GitHub] [trafficcontrol] rawlinp opened a new pull request #3417: Fix add
sslkeys endpoint to always use the input certificate
rawlinp opened a new pull request #3417: Fix add sslkeys endpoint to always use the input certificate
URL: https://github.com/apache/trafficcontrol/pull/3417
## Which issue is fixed by this PR? If not related to an existing issue, what does this PR do?
Sometimes, the Certificate.Verify method will remove elements from a
valid certificate chain. Instead of using the output of that method,
always use the user input certificate and return a warning if the input
certificate does not match the output of the Certificate.Verify method.
Fixes #3398
## Which TC components are affected by this PR?
- [ ] Documentation
- [ ] Grove
- [ ] Traffic Analytics
- [ ] Traffic Monitor
- [x] Traffic Ops
- [ ] Traffic Ops ORT
- [ ] Traffic Portal
- [ ] Traffic Router
- [ ] Traffic Stats
- [ ] Traffic Vault
- [ ] Other _________
## What is the best way to verify this PR? Please include manual steps or automated tests.
### (If no tests are part of this PR, please provide explanation as to why no tests are included.)
Includes changes to the unit tests, but there is currently an unrelated unit test failure in statuses_test.go which should be addressed in a separate PR:
```
# github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/status [github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/status.test]
status/statuses_test.go:82:20: too few values in TOStatus literal
```
Manual verification can be done by adding an sslkey to a delivery service that would normally get mangled by the API and checking that the stored cert matches the input cert.
If you don't have a cert like that on hand, you can still check by adding a non-self-signed cert and verifying that the stored cert matches the input cert.
## Check all that apply
- [x] This PR includes tests
- [ ] This PR includes documentation updates
- [ ] This PR includes an update to CHANGELOG.md
- [x] This PR includes all required license headers
- [ ] This PR includes a database migration (ensure that migration sequence is correct)
- [ ] This PR fixes a serious security flaw. Read more: [www.apache.org/security](http://www.apache.org/security/)
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services