teamhephy / controller

Hephy Workflow Controller (API)
https://teamhephy.com
MIT License

SSL certificate-key pairs are not validated before storage (RSA) #168

Closed daniel-wachira closed 1 year ago

daniel-wachira commented 2 years ago

It is possible to store a mismatched SSL certificate and private key pair. The input is not validated.

Steps to reproduce: On any application, provide a mismatched SSL certificate and private key pair.

Current Behaviour: The inputs are accepted and pass validation.

Expected Behaviour: The inputs fail validation and are rejected.

dvalfre commented 2 years ago

To complete the picture, this issue in turn impacts Router's ability to generate a valid config for Nginx. As a result of that failure, Nginx can't reload. In the event of pod rescheduling/restart, the whole of Router is down.

Cryptophobia commented 1 year ago

Merged and fixed with @daniel-wachira's code in PR #170
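
A check of the kind this issue asks for, as an added example (it is not the code merged in PR #170 and not the controller's own code): reject a certificate/key pair before storage unless the private key belongs to the certificate. The function names `cert_matches_key` and `make_test_pair` are hypothetical, and the throwaway sample pairs are constructed at run time with the `openssl` command-line tool, which is assumed to be installed.

```python
import os
import ssl
import subprocess
import tempfile


def cert_matches_key(cert_pem, key_pem):
    """Return True only if key_pem is the private key for cert_pem.

    SSLContext.load_cert_chain() has OpenSSL parse both PEM blobs and verify
    that the key belongs to the certificate; it raises ssl.SSLError on a
    mismatch or on malformed PEM, which is treated here as "reject".
    """
    with tempfile.TemporaryDirectory() as tmp:
        cert_path = os.path.join(tmp, "tls.crt")
        key_path = os.path.join(tmp, "tls.key")
        for path, pem in ((cert_path, cert_pem), (key_path, key_pem)):
            # Create with mode 0600 so the key is never group/world readable.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            with os.fdopen(fd, "w") as handle:
                handle.write(pem)
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        try:
            # Supplying a password callable stops OpenSSL from prompting on
            # the terminal if the submitted key turns out to be encrypted.
            ctx.load_cert_chain(cert_path, key_path, password=lambda: "")
        except ssl.SSLError:
            return False
    return True


def make_test_pair(common_name):
    """Constructed sample data: a throwaway self-signed RSA cert and its key."""
    with tempfile.TemporaryDirectory() as tmp:
        cert_path = os.path.join(tmp, "c.pem")
        key_path = os.path.join(tmp, "k.pem")
        subprocess.run(
            ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
             "-keyout", key_path, "-out", cert_path,
             "-subj", "/CN=" + common_name, "-days", "1"],
            check=True, capture_output=True)
        with open(cert_path) as cert, open(key_path) as key:
            return cert.read(), key.read()


if __name__ == "__main__":
    cert_a, key_a = make_test_pair("a.example.test")
    _, key_b = make_test_pair("b.example.test")
    print("matching pair accepted:  ", cert_matches_key(cert_a, key_a))
    print("mismatched pair accepted:", cert_matches_key(cert_a, key_b))
```

Running the same check at submission time keeps a bad pair from ever reaching the Router's generated Nginx config, which is the failure described in the second comment.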