etcd/pkg at 37fe4b9afac63b8269184168bd01787cad866844 - etcd

mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00

History

Piotr Tabor 2d0ce9de3d etcdmain: grpc-proxy should only require CN-less certificates for --cert flags.

We have following communication schema:
client --- 1 ---> grpc-proxy --- 2 --- > etcd-server

There are 2 sets of flags/certs in grpc proxy [ https://github.com/etcd-io/etcd/blob/master/etcdmain/grpc_proxy.go#L140 ]:
 A. (cert-file, key-file, trusted-ca-file, auto-tls) this are controlling [1] so client to proxy connection and in particular they are describing proxy public identity.
 B. (cert,key, cacert ) - these are controlling [2] so what's the identity that proxy uses to make connections to the etcd-server.

If 2 (B.) contains certificate with CN and etcd-server is running with --client-cert-auth=true, the CN can be used as identity of 'client' from service perspective. This is permission escalation, that we should forbid.

If 1 (A.) contains certificate with CN - it should be considered perfectly valid. The server can (should) have full identity.

So only --cert flag (and not --cert-file flag) should be validated for empty CN.

2020-09-07 11:59:28 +02:00

adt

package adt: rename the filename to be consistent with the package name (#12170 )

2020-07-28 14:40:34 -07:00

contention

*: add missing godoc package descriptions

2016-05-27 15:15:26 -07:00

cpuutil

pkg: clean up code format

2018-07-21 15:49:58 -07:00

crc

*: add missing package descriptions

2015-11-17 20:54:10 -08:00

debugutil

pkg/debugutil: add 'mutex' profiler (Go 1.8+)

2017-04-18 10:56:06 -07:00

expect

tests/e2e: Update github.com/creack/pty v1.1.7 -> v1.1.11

2020-08-04 16:12:12 +02:00

fileutil

pkg: file stat warning (#12242 )

2020-08-23 17:20:16 -07:00

flags

go.mod: use go.etcd.io/etcd/v3 versioning

2020-04-28 00:57:35 +00:00

httputil

pkg/httputil: add "GetHostname"

2018-02-28 17:27:40 -08:00

idutil

pkg/idutil: use count field as atomic variable

2018-04-27 00:44:45 +08:00

ioutil

go.mod: use go.etcd.io/etcd/v3 versioning

2020-04-28 00:57:35 +00:00

logutil

go.mod: use go.etcd.io/etcd/v3 versioning

2020-04-28 00:57:35 +00:00

mock

etcdserver/*, wal/*: add Sync method

2020-05-13 08:47:47 -07:00

netutil

go.mod: use go.etcd.io/etcd/v3 versioning

2020-04-28 00:57:35 +00:00

osutil

pkg: remove capnslog (#11616 )

2020-02-12 11:15:41 -08:00

pathutil

pkg: update LICENSE header

2016-05-12 20:48:53 -07:00

pbutil

pkg: remove capnslog (#11616 )

2020-02-12 11:15:41 -08:00

proxy

go.mod: use go.etcd.io/etcd/v3 versioning

2020-04-28 00:57:35 +00:00

report

pkg/*: fix "unconvert" warnings

2018-04-30 15:32:16 -07:00

runtime

etcdserver: Use Readdirnames to count fds for FDUsage

2020-08-20 16:51:29 +02:00

schedule

*: replace 'golang.org/x/net/context' with 'context'

2017-09-07 13:39:42 -07:00

srv

go.mod: use go.etcd.io/etcd/v3 versioning

2020-04-28 00:57:35 +00:00

stringutil

pkg/stringutil: add tests

2018-04-08 14:18:09 -07:00

systemd

pkg/logutil: error when it can't find journal socket

2018-05-16 14:34:49 -07:00

testutil

./integration: Fix flakes due to .setupLogging race.

2020-08-07 13:54:41 +02:00

tlsutil

pkg/tlsutil: add "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" to support cipher suite

2020-05-10 18:36:28 -07:00

traceutil

etcdserver: add trace for txn request (#11491 )

2020-04-04 14:46:03 -07:00

transport

etcdmain: grpc-proxy should only require CN-less certificates for --cert flags.

2020-09-07 11:59:28 +02:00

types

go.mod: use go.etcd.io/etcd/v3 versioning

2020-04-28 00:57:35 +00:00

wait

pkg/wait: change list's lock to RWMutex

2017-08-27 18:23:18 +08:00

README.md

pkg: add README.md

2014-10-26 16:28:48 -07:00

README.md

pkg/ is a collection of utility packages used by etcd without being specific to etcd itself. A package belongs here only if it could possibly be moved out into its own repository in the future.