Standard grpc mTLS #3909

Draft
wants to merge 34 commits into
base: main

georgeliao
Contributor

@georgeliao georgeliao commented Jan 30, 2025

WIP

  1. how to re-generate root certificate and signed server certificate, delete the server certificate and key
  2. how to re-generate client certificate, delete the client certificate and key and delete the authenticated cert on the server side
  3. Unit tests before and after
  4. x509 constructor, how it generates certificate for server client before and how server, root, client after, the format difference, the server vs root vs client certs, what kind of traits should they have, what changes we made.
  5. how to guarantee the new install of multipass generates the root certificate and regenerates the server certificate with signing.
    /home/georgel/.local/share/multipass-client-certificate/multipass_cert.pem,
    openssl x509 -in /root/.local/share/multipassd/certificates/localhost.pem -noout -text
    /usr/local/share/ca-certificates/multipass_root_cert.pem

root cert attached to the server name?

@georgeliao georgeliao changed the title Standard grpc mTLs Standard grpc mTLS Jan 30, 2025
@georgeliao georgeliao marked this pull request as draft January 30, 2025 11:42

codecov bot commented Jan 31, 2025

Codecov Report

Attention: Patch coverage is 89.13043% with 10 lines in your changes missing coverage. Please review.

Project coverage is 89.12%. Comparing base (51783a4) to head (c815486).
Report is 4 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| src/cert/ssl_cert_provider.cpp | 89.41% | 9 Missing ⚠️ |
| src/utils/utils.cpp | 66.66% | 1 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3909      +/-   ##
==========================================
+ Coverage   89.10%   89.12%   +0.01%     
==========================================
  Files         255      255              
  Lines       14600    14622      +22     
==========================================
+ Hits        13010    13032      +22     
  Misses       1590     1590              


…generated signed server certificate. Client side ssl option is also updated accordingly.

Unit tests are broken temporarily due to this change.
Added the root certificate and signed server certificate. Note, the client_cert key and certificate are default mock_ssl_cert_provider output and as a result these two variables are used as the server certificate key pair in almost all unit tests.
Made the mock_cert_provider use the default certificate and key pair, which are the client_cert and client_key in the file mock_cert_provider.h. Meanwhile, the make_secure_stub is also updated to make the unit tests pass.