remove x509sha1 support and overriding tlsmaxrsasize

kubernetes-sigs / vsphere-csi-driver

vSphere storage Container Storage Interface (CSI) plugin

https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/index.html

Apache License 2.0

296 stars 179 forks source link

remove x509sha1 support and overriding tlsmaxrsasize #2877

Closed divyenpatel closed 5 months ago

divyenpatel commented 5 months ago

What this PR does / why we need it: This PR is removing x509sha1 support and overriding setting tlsmaxrsasize.

Testing done: Verified using sha1 root certificate is not supported

"Cannot connect to vCenter with err: Post \"https://sc-rdops-vm11-dhcp-65-241.eng.vmware.com:443/sdk\": tls: failed to verify certificate

Special notes for your reviewer:

Release note:

remove x509sha1 support and overriding tlsmaxrsasize

gohilankit commented 5 months ago

/ok-to-test

xing-yang commented 5 months ago

The change looks good. Waiting for test results.

k8s-ci-robot commented 5 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chethanv28, divyenpatel

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/kubernetes-sigs/vsphere-csi-driver/blob/master/OWNERS)~~ [chethanv28,divyenpatel] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment