Skip to content

[v13] Fix disconnect_expired_cert when Kube Identity forwarding is used#25058

Merged
tigrato merged 2 commits intobranch/v13from
bot/backport-24913-branch/v13
Apr 24, 2023
Merged

[v13] Fix disconnect_expired_cert when Kube Identity forwarding is used#25058
tigrato merged 2 commits intobranch/v13from
bot/backport-24913-branch/v13

Conversation

@tigrato
Copy link
Copy Markdown
Contributor

@tigrato tigrato commented Apr 24, 2023

Backport #24913 to branch/v13

tigrato added 2 commits April 24, 2023 09:19
@tigrato
Fix disconnect_expired_cert not being respected for Kube
8684cdc 
Teleport 13 introduces the identity forwarding mechanism that allows
a proxy to forward the client's identity without re-signing a new
certificate on his behalf. Proxy uses its certificate key pair and it's
valid for a long period of time resulting in the current version not
respecting the connection termination.

This PR removes the parsing of the connection certificate and uses the
value provided by the unmapped identity - supports the new and old
forwarding methods.

Fixes #24910
@tigrato
fix test
99f348a
@public-teleport-github-review-bot public-teleport-github-review-bot Bot removed the request for review from ibeckermayer April 24, 2023 12:58
@tigrato tigrato added this pull request to the merge queue Apr 24, 2023
Merged via the queue into branch/v13 with commit 8bea4c4 Apr 24, 2023
@tigrato tigrato deleted the bot/backport-24913-branch/v13 branch April 24, 2023 13:23
@r0mant r0mant mentioned this pull request Jul 14, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@espadolini espadolini espadolini approved these changes

@zmb3 zmb3 zmb3 approved these changes

Assignees

No one assigned

Labels

backport kubernetes-access size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tigrato @espadolini @zmb3