- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 86 for san (0.03 sec)
-
samples/certs/generate-workload.sh
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 07 23:57:35 UTC 2023 - 3.2K bytes - Viewed (0) -
security/pkg/pki/util/verify_cert.go
Roots: roots, } host := "" if expectedFields != nil { host = expectedFields.Host san := host // uri scheme is currently not supported in go VerifyOptions. We verify // this uri at the end as a special case. if strings.HasPrefix(host, "spiffe") { san = "" } opts.DNSName = san } opts.KeyUsages = append(opts.KeyUsages, x509.ExtKeyUsageAny) if _, err = cert.Verify(opts); err != nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Sep 05 10:37:29 UTC 2022 - 5.9K bytes - Viewed (0) -
pkg/model/proxy_test.go
TlsSettings: &v1alpha3.ClientTLSSettings{ SubjectAltNames: []string{"san"}, }, }, }), }, }, // nolint: lll `{"PROXY_CONFIG":{"configPath":"foo","drainDuration":"5s","controlPlaneAuthPolicy":"MUTUAL_TLS","envoyAccessLogService":{"address":"address","tlsSettings":{"subjectAltNames":["san"]}}}}`, model.BootstrapNodeMetadata{ NodeMetadata: model.NodeMetadata{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Mar 28 20:38:02 UTC 2024 - 8.2K bytes - Viewed (0) -
releasenotes/notes/add_trust_domans_san_validator.yaml
kind: feature area: security issue: - https://github.com/istio/istio/issues/41666 releaseNotes: - |
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 24 16:11:07 UTC 2023 - 250 bytes - Viewed (0) -
security/pkg/server/ca/authenticate/cert_authenticator_test.go
caller: nil, authenticateErrMsg: "no verified chain is found", }, "Certificate has no SAN": { certChain: [][]*x509.Certificate{ { { Version: 1, }, }, }, authenticateErrMsg: "the SAN extension does not exist", }, "With client certificate": { certChain: [][]*x509.Certificate{ { {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jan 05 01:20:59 UTC 2024 - 3.2K bytes - Viewed (0) -
pkg/apis/certificates/v1beta1/defaults_test.go
exp: false, }, "does not default to kubelet-serving if it specifies a URI SAN": { req: newCSR(kubeletServerPEMOptions, pemOptions{uris: []string{"http://something"}}), usages: kubeletServerUsages, exp: false, }, "does not default to kubelet-serving if it specifies an emailAddress SAN": { req: newCSR(kubeletServerPEMOptions, pemOptions{emailAddresses: []string{"something"}}),
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Dec 27 08:04:25 UTC 2022 - 16.9K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/util/x509metrics/server_cert_deprecations.go
} func NewSANDeprecatedChecker(counter *metrics.Counter) *missingSANChecker { return &missingSANChecker{ counterRaiser: counterRaiser{ counter: counter, id: "missing-san", reason: "relies on a legacy Common Name field instead of the SAN extension for subject validation", }, } } // CheckRoundTripError returns true when we're running w/o GODEBUG=x509ignoreCN=0
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jul 26 17:14:05 UTC 2022 - 7.3K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/conversion_test.go
pod.Namespace = ns pod.Spec.ServiceAccountName = sa mesh := &meshconfig.MeshConfig{TrustDomain: "td.local"} san := SecureNamingSAN(pod, mesh) expectedSAN := fmt.Sprintf("spiffe://td.local/ns/%v/sa/%v", ns, sa) if san != expectedSAN { t.Fatalf("SAN match failed, SAN:%v expectedSAN:%v", san, expectedSAN) }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 12.7K bytes - Viewed (0) -
security/pkg/pki/ra/common.go
ExtCAK8s CaExternalType = "ISTIOD_RA_KUBERNETES_API" // DefaultExtCACertDir : Location of external CA certificate DefaultExtCACertDir string = "./etc/external-ca-cert" ) // ValidateCSR : Validate all SAN extensions in csrPEM match authenticated identities func ValidateCSR(csrPEM []byte, subjectIDs []string) bool { csr, err := util.ParsePemEncodedCSR(csrPEM) if err != nil { return false }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Sep 11 19:57:30 UTC 2023 - 4.4K bytes - Viewed (0) -
security/pkg/pki/util/generate_cert_test.go
ttl := time.Hour cases := map[string]struct { certOptions CertOptions verifyFields *VerifyFields }{ // These certs are signed by the CA cert "RSA: Server cert with DNS SAN": { certOptions: CertOptions{ Host: "test_server.com", NotBefore: notBefore, TTL: ttl, SignerCert: rsaCaCert, SignerPriv: rsaCaPriv, Org: "",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Nov 06 12:48:53 UTC 2023 - 29.4K bytes - Viewed (0)