aporeto-inc / trireme-lib

Simple, scalable and secure application segmentation
https://trireme.io
Apache License 2.0
300 stars 51 forks

Windows cert bug #953

Closed philipatl closed 4 years ago

philipatl commented 4 years ago

Fix for bug 2516: windows enforcer installation fails on win server 2016

Enforcer for Windows will fail to start if the API server's root certificate is not in the Windows certificate store. So we need to provide some routines to allow certificate verification both with the Windows CryptoAPI routines (which will pull certificates into the Windows certificate store on demand) and against a CertPool object in code.

Some background: https://github.com/golang/go/issues/34937

Fixes aporeto-inc/aporeto#2516

codecov[bot] commented 4 years ago

Codecov Report

Merging #953 into master will increase coverage by 0.15%. The diff coverage is 100%.

@@            Coverage Diff             @@
##           master     #953      +/-   ##
==========================================
+ Coverage   54.36%   54.51%   +0.15%     
==========================================
  Files         123      123              
  Lines       11815    11815              
==========================================
+ Hits         6423     6441      +18     
+ Misses       4764     4741      -23     
- Partials      628      633       +5

| Impacted Files | Coverage Δ | |
|---|---|---|
| utils/crypto/crypto.go | 78.37% <100%> (ø) | :arrow_up: |
| monitor/extractors/linux.go | 70.73% <0%> (+21.95%) | :arrow_up: |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 3292c11...13a3af6.

philipatl commented 4 years ago

/build - automatically fired by gogo with following PRs and commit SHAs v1.0.0

[
  {
    "project": "windows-cert-bug",
    "component": "enforcerd",
    "pr-id": "1553",
    "commit-sha": "15a3b4b4b88d69f69b37c29f3cd94d388256f292",
    "pipeline": "master"
  },
  {
    "project": "windows-cert-bug",
    "component": "trireme-lib",
    "pr-id": "953",
    "commit-sha": "201adc16e05d669b6423b6ef2002d8d51e576543",
    "pipeline": "master"
  }
]

philipatl commented 4 years ago

/build - automatically fired by gogo with following PRs and commit SHAs v1.0.0

[
  {
    "project": "windows-cert-bug",
    "component": "enforcerd",
    "pr-id": "1553",
    "commit-sha": "15a3b4b4b88d69f69b37c29f3cd94d388256f292",
    "pipeline": "master"
  },
  {
    "project": "windows-cert-bug",
    "component": "trireme-lib",
    "pr-id": "953",
    "commit-sha": "13a3af6a4251f7fb36dd0ff426c396f870f9ddf9",
    "pipeline": "master"
  }
]