Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RavenDB-22210 Pin leaf and any issuer in the chain #18502

Merged
merged 4 commits into from
May 14, 2024
Merged

RavenDB-22210 Pin leaf and any issuer in the chain #18502

merged 4 commits into from
May 14, 2024

Conversation

hiddenshadow21
Copy link
Contributor

@hiddenshadow21 hiddenshadow21 commented May 10, 2024
edited

Issue link

https://issues.hibernatingrhinos.com/issue/RavenDB-22210

Additional description

Let's Encrypt introduces new, shorter intermediate certificates. This means that server certificate can be renewed by different intermediate certificate than previously thus the certificate chain will change.

Type of change

  • Bug fix
  • Regression bug fix
  • Optimization
  • New feature

How risky is the change?

  • Low
  • Moderate
  • High
  • Not relevant

Backward compatibility

  • Non breaking change
  • Ensured. Please explain how has it been implemented?
  • Breaking change
  • Not relevant

Is it platform specific issue?

  • Yes. Please list the affected platforms.
  • No

Documentation update

  • This change requires a documentation update. Please mark the issue on YouTrack using Documentation Required tag.
  • No documentation update is needed

Testing by Contributor

  • Tests have been added that prove the fix is effective or that the feature works
  • Internal classes added to the test class (e.g. entity or index definition classes) have the lowest possible access modifier (preferable private)
  • It has been verified by manual testing

Testing by RavenDB QA team

  • This change requires a special QA testing due to possible performance or resources usage implications (CPU, memory, IO). Please mark the issue on YouTrack using QA Required tag.
  • No special testing by RavenDB QA team is needed

Is there any existing behavior change of other features due to this change?

  • Yes. Please list the affected features/subsystems and provide appropriate explanation
  • No

UI work

  • It requires further work in the Studio. Please mark the issue on YouTrack using Studio Required tag.
  • No UI work is needed

@github-actions github-actions bot added the v5.4 label May 10, 2024
ml054
ml054 reviewed May 10, 2024
View reviewed changes
test/SlowTests/Issues/RavenDB-22210.cs Outdated

Assert.True(CertificateUtils.CertHasKnownIssuer(certificates.clientRenewed, certificates.client, new SecurityConfiguration()));

CleanupCaStore(certificates.ca, certificates.intermediate, certificates.intermediate2);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we clean up in finally block?

@ppekrol ppekrol self-requested a review May 13, 2024 09:19
ppekrol
ppekrol approved these changes May 13, 2024
View reviewed changes
test/Tests.Infrastructure/Utils/CertificateGenerator.cs Outdated

namespace Tests.Infrastructure.Utils;

public class CertificateGenerator
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

static?

@arekpalinski arekpalinski merged commit a717ade into ravendb:v5.4 May 14, 2024
15 of 16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ml054 ml054 ml054 left review comments

@karmeli87 karmeli87 karmeli87 left review comments

@ayende ayende ayende approved these changes

@arekpalinski arekpalinski arekpalinski approved these changes

@ppekrol ppekrol ppekrol approved these changes

@gregolsky gregolsky gregolsky approved these changes

Assignees
No one assigned
Labels
v5.4
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@hiddenshadow21 @ayende @arekpalinski @ppekrol @ml054 @gregolsky @karmeli87