Emissary should verify that TLS secrets contain valid PEM #3821

kflynn · 2021-09-22T16:10:44Z

If you point a TLSContext at a secret containing bogus junk, Emissary will happily try to use it, but Envoy validation will fail. There's no real point in allowing Emissary to pass such a broken secret to Envoy -- we can, and should, validate it syntactically before attempting to use it at all.

The text was updated successfully, but these errors were encountered:

khussey · 2022-02-11T03:37:50Z

This has been addressed in Emissary-ingress 2.2, which is now available.

khussey added the t:debt Piece of accumulated technical debt label Oct 13, 2021

khussey added this to the 2021 Cycle 7 milestone Oct 13, 2021

khussey added the w:3 Targeted for third week of development cycle label Oct 25, 2021

khussey added w:4 Targeted for fourth week of development cycle and removed w:3 Targeted for third week of development cycle labels Nov 2, 2021

khussey assigned kflynn Nov 11, 2021

khussey modified the milestones: 2021 Cycle 7, 2022 Cycle 1 Jan 4, 2022

khussey removed the w:4 Targeted for fourth week of development cycle label Jan 5, 2022

khussey added the w:5 Targeted for fifth week of development cycle label Jan 27, 2022

khussey closed this as completed Feb 11, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Emissary should verify that TLS secrets contain valid PEM #3821

Emissary should verify that TLS secrets contain valid PEM #3821

kflynn commented Sep 22, 2021

khussey commented Feb 11, 2022

Emissary should verify that TLS secrets contain valid PEM #3821

Emissary should verify that TLS secrets contain valid PEM #3821

Comments

kflynn commented Sep 22, 2021

khussey commented Feb 11, 2022