Extract end-entity certificate data only #4856

Closed

woodsb02
Contributor

The previous code was iterating over each certificate in the chain and over-writing the "fields" variable with each subsequent certificate. This had the effect of only extracting the data from the last certificate in the chain (typically the issuing authority certificate), when actually the user is likely expecting the first (the end-entity certificate).

Required for all PRs:

  • Signed CLA.
  • Associated README.md updated.
  • Has appropriate unit tests.

@glinton added the `feat` label (Improvement on an existing feature such as adding a new setting/mode to an existing plugin) on Oct 15, 2018
Contributor

@danielnelson danielnelson left a comment

I wonder if we should add a tag so that we can report all certificates in the chain. @jtyr @sepetrov what do you think?

for _, cert := range certs {
fields := getFields(cert, now)
// Only extract data from the end-entity certificate (first in the chain)
fields := getFields(certs[0], now)
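Review bot: `certs[0]` on the added line is indexed with no length check visible in the hunk, so an empty `certs` slice would panic here; guard with `if len(certs) == 0` and return an error before calling `getFields`. The new comment also assumes the first element of `certs` is always the end-entity certificate, so it should say where that ordering is guaranteed.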
Test the length of certs before indexing, just in case.

@danielnelson
Contributor

related #4873

@jtyr
Contributor

jtyr commented Oct 18, 2018

Having the option to report all or a selected cert (by default the last one) would be nice.

@danielnelson
Contributor

I think we will do #4873 instead which reports all certificates with additional tags.
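
The behaviour discussed in this thread, as an added example that is not part of the pull request or the plugin's code: with a constructed two-certificate chain, the overwrite loop reports the issuer's expiry while the leaf is the certificate about to expire. `getFields` as written here, its field names, `lastWins`, `leafOnly` and `sampleChain` are hypothetical stand-ins.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"time"
)

// getFields is a hypothetical stand-in; the plugin's real function is not shown on the page.
func getFields(cert *x509.Certificate, now time.Time) map[string]interface{} {
	return map[string]interface{}{
		"common_name": cert.Subject.CommonName,
		"expiry":      int(cert.NotAfter.Sub(now).Seconds()),
	}
}

// lastWins mirrors the described bug: each iteration overwrites fields, so the last cert is reported.
func lastWins(certs []*x509.Certificate, now time.Time) map[string]interface{} {
	var fields map[string]interface{}
	for _, cert := range certs {
		fields = getFields(cert, now)
	}
	return fields
}

// leafOnly reports the first certificate and rejects an empty chain instead of panicking on certs[0].
func leafOnly(certs []*x509.Certificate, now time.Time) (map[string]interface{}, error) {
	if len(certs) == 0 {
		return nil, errors.New("no certificates in chain")
	}
	return getFields(certs[0], now), nil
}

// sampleChain is constructed data: a leaf expiring in 10 days, then an issuer expiring in 10 years.
func sampleChain(now time.Time) []*x509.Certificate {
	return []*x509.Certificate{
		{Subject: pkix.Name{CommonName: "www.example.test"}, NotAfter: now.Add(10 * 24 * time.Hour)},
		{Subject: pkix.Name{CommonName: "Example Test CA"}, NotAfter: now.AddDate(10, 0, 0)},
	}
}

func main() {
	now := time.Now()
	leaf, err := leafOnly(sampleChain(now), now)
	fmt.Println("last wins:", lastWins(sampleChain(now), now))
	fmt.Println("leaf only:", leaf, err)
}
```

An expiry alert driven by the `lastWins` output would stay quiet for years while the leaf certificate lapses in ten days.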
