server: check NotAfter when loading journal #5836

Merged 1 commit on Feb 6, 2025

sorindumitru (Collaborator)

Otherwise we can end up with expired CAs which leads to issues later on, such as in #5796

Pull Request check list

  • Commit conforms to CONTRIBUTING.md?
  • Proper tests/regressions included?
  • Documentation updated?

Affected functionality
spire-server CA journal loading

Description of change
Verify that the keys in the journal are not expired before loading them.

Which issue this PR fixes
fixes #5796
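
The check described above, sketched as an added example (not SPIRE's code from pkg/server/ca/manager/slot.go): the `journalEntry` type, `usableCAs`, `sampleEntry` and the slot IDs are hypothetical, and the sample CAs are constructed with a throwaway all-zero Ed25519 seed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// journalEntry is a hypothetical journal record: a slot ID and that slot's CA in DER.
type journalEntry struct {
	SlotID string
	DER    []byte
}

// usableCAs keeps only CAs still valid at now. Expired or unparsable entries are
// reported so the caller leaves the slot empty and prepares a fresh CA.
func usableCAs(entries []journalEntry, now time.Time) (loaded map[string]*x509.Certificate, skipped []string) {
	loaded = make(map[string]*x509.Certificate)
	for _, e := range entries {
		cert, err := x509.ParseCertificate(e.DER)
		if err != nil || now.After(cert.NotAfter) {
			skipped = append(skipped, e.SlotID)
			continue
		}
		loaded[e.SlotID] = cert
	}
	return loaded, skipped
}

// sampleEntry builds a constructed self-signed CA expiring at notAfter.
func sampleEntry(slot string, notAfter time.Time) journalEntry {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // throwaway sample key
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notAfter.Add(-24 * time.Hour),
		NotAfter: notAfter, IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	return journalEntry{SlotID: slot, DER: der}
}

func main() {
	now := time.Now()
	journal := []journalEntry{sampleEntry("A", now.Add(-time.Hour)), sampleEntry("B", now.Add(time.Hour))}
	loaded, skipped := usableCAs(journal, now)
	fmt.Println("loaded:", len(loaded), "skipped (expired):", skipped)
}
```

Passing the clock in as a parameter lets a test replay the same journal at a later time, which is the situation a server hits when it restarts after its stored CA has expired.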

amartinezfayo (Member) previously approved these changes Feb 6, 2025

Thank you @sorindumitru, LGTM!

pkg/server/ca/manager/slot.go (review thread, resolved)

amartinezfayo (Member)

Looks like the DCO check failed, maybe because the commit was done from the GitHub UI?
You may force push to have this fixed.

Otherwise we can end up with expired CAs which leads to issues

Signed-off-by: Sorin Dumitru <[email protected]>
@sorindumitru sorindumitru merged commit 9e09851 into spiffe:main Feb 6, 2025
35 checks passed

Successfully merging this pull request may close these issues.

Recovery documentation