Fernando Diaz
1ffeb2cee1
Enhance Certificate Logging and Clear Up Mutual Auth Docs
...
Adds better logging to errors caused when getting a Certificate.
Adds notes and updates documentation for Mutual Authentication.
2017-09-27 11:09:37 -05:00
Manuel de Brito Fontes
0661eaa08c
Cleanup
2017-09-17 16:12:58 -03:00
Manuel de Brito Fontes
c3dd00c7b4
Simplify verification of hostname in ssl certificates
2017-08-09 23:27:57 -04:00
Manuel de Brito Fontes
98a95282f9
Add field FileSHA in BasicDigest struct
2017-07-31 22:08:09 -04:00
Manuel de Brito Fontes
14a02d128c
Simplify handling of ssl certificates
2017-07-12 15:29:03 -04:00
Manuel de Brito Fontes
4ee2bdc302
Add support for SubjectAltName in SSL certificates
2017-06-20 19:47:06 -04:00
Fabian Ruff
8304feb497
ensure private key and certificate match
...
Adding an ingress tls secret with a non-matching certificate and private key breaks at least the nginx-controller permanently until the offending secret is deleted.
In that case nginx refuses to start/reload with an error like this:
```
Error: exit status 1
2017/06/13 12:16:53 [emerg] 51#51: SSL_CTX_use_PrivateKey_file("/ingress-controller/ssl/monsoon3-tls-baremetal-3-eu-de-1-cloud-sap.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/ingress-controller/ssl/tls-baremetal-3-example-com.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /tmp/nginx-cfg728491545 test failed
```
2017-06-13 15:16:24 +02:00
Giancarlo Rubio
d9cf043552
Instrument nginx to expose metric "ssl certificate expiration time"
...
Add a console warning message 10 days before the certificate expires
2017-06-13 13:44:00 +02:00
chentao1596
37bdb3952e
fix all go style mistakes about fmt.Errorf
2017-03-17 08:35:55 +08:00
Andreas Kohn
3dece0ab70
Avoid a nil-reference when the temporary file cannot be created
2017-03-14 13:52:38 +01:00
Gorka Lerchundi Osa
e1c1dfadc7
allow specifying custom dh param
...
fixes #162
2017-03-08 15:32:32 +01:00
Ricardo Pchevuzinske Katz
e107e2b87f
Temporary PEM Files cleanup
2017-03-06 16:33:44 -03:00
Ricardo Pchevuzinske Katz
51235a38e8
Removes wrong secret enqueuing and improves the Fake Cert generation
2017-03-06 16:29:33 -03:00
Ricardo Pchevuzinske Katz
6c1b45a663
Generates a self-signed certificate for default vhost if the secret doesn't exist
...
Generates a self-signed certificate for default vhost if the secret doesn't exist
modified: core/pkg/ingress/controller/backend_ssl.go
modified: core/pkg/ingress/controller/controller.go
modified: core/pkg/net/ssl/ssl.go
2017-03-06 09:21:08 -03:00
Ricardo Pchevuzinske Katz
02fbf00fcb
Checks if the TLS secret contains a valid keypair structure, with 'CERTIFICATE' before the Private Key
2017-03-01 15:44:39 -03:00
Ricardo Pchevuzinske Katz
a342c0bce3
Adds correct support for TLS Mutual authentication and depth verification
...
modified: controllers/nginx/configuration.md
modified: controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
modified: core/pkg/ingress/annotations/authtls/main.go
modified: core/pkg/ingress/controller/backend_ssl.go
modified: core/pkg/ingress/controller/controller.go
modified: core/pkg/ingress/controller/util_test.go
modified: core/pkg/ingress/resolver/main.go
modified: core/pkg/ingress/types.go
modified: core/pkg/net/ssl/ssl.go
modified: examples/PREREQUISITES.md
new file: examples/auth/client-certs/nginx/README.md
new file: examples/auth/client-certs/nginx/nginx-tls-auth.yaml
2017-02-24 22:49:01 -03:00
Joao Morais
b7e8bde0e9
Fix panic if a tempfile cannot be created
2017-02-03 18:50:51 -02:00
Ricardo Pchevuzinske Katz
a930b29e41
Changes the SSL Temp file to something inside the same SSL Directory
2017-01-24 11:21:49 -02:00
Manuel de Brito Fontes
5a8e090736
Add Generic interface
2016-11-23 21:17:49 -03:00
Manuel de Brito Fontes
ed9a416b01
Split implementations from generic code
2016-11-23 21:17:49 -03:00