Commit
Add cert CRL support. (sonic-net#269)
Add cert CRL support.

#### Why I did it
Support certificate revocation list.

#### How I did it
Download CRL and verify cert with CRL.

#### How to verify it
Manually test:

```
I1119 06:45:56.678454 139 server.go:201] Created Server on localhost:50052, read-only: true
I1119 06:45:56.678478 139 telemetry.go:465] Auth Modes: cert
I1119 06:45:56.678495 139 telemetry.go:466] Starting RPC server on address: localhost:50052
I1119 06:45:56.678532 139 telemetry.go:469] GNMI Server started serving
I1119 06:46:14.936024 139 clientCertAuth.go:183] Get Crl Urls for cert: []
I1119 06:46:14.936363 139 clientCertAuth.go:224] Cert does not contains and CRL distribution points
I1119 06:46:14.936375 139 server.go:278] authenticate user , roles [role1]
I1119 06:46:21.524943 139 clientCertAuth.go:183] Get Crl Urls for cert: [http://10.250.0.102:1234/crl]
I1119 06:46:21.526022 139 clientCertAuth.go:93] SearchCrlCache not found cache for url: http://10.250.0.102:1234/crl
I1119 06:46:21.526138 139 clientCertAuth.go:158] Download CRL start: http://10.250.0.102:1234/crl
I1119 06:46:21.533821 139 clientCertAuth.go:176] Download CRL: http://10.250.0.102:1234/crl successed
I1119 06:46:21.534318 139 clientCertAuth.go:66] CrlExpired expireTime: Wed Nov 20 06:46:21 2024, now: Tue Nov 19 06:46:21 2024
I1119 06:46:21.534337 139 clientCertAuth.go:211] CreateStaticCRLProvider add crl: http://10.250.0.102:1234/crl content: [...]
I1119 06:46:21.535269 139 clientCertAuth.go:244] VerifyCertCrl peer certificate revoked: no unrevoked chains found: map[2:1]
I1119 06:46:21.535289 139 clientCertAuth.go:149] [TELEMETRY-2] Failed to verify cert with CRL; rpc error: code = Unauthenticated desc = Peer certificate revoked
```

Add new UT.

#### Work item tracking
Microsoft ADO (number only): 27146924

#### Which release branch to backport (provide reason below if selected)

<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->

- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111

#### Description for the changelog
Add cert CRL support.

#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model is defined
Link should point to correct section on https://github.com/Azure/SONiC/wiki/Configuration.
-->

#### A picture of a cute animal (not mandatory but encouraged)
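The check the commit message describes (verify the peer certificate against a downloaded CRL, rejecting revoked peers), sketched as an added Go example with the standard `crypto/x509` package; it is not the code from this commit. `checkCRL`, `demo`, the in-memory CA and the CRL bytes are constructed for illustration, the HTTP download is replaced by in-memory bytes, and the peer is assumed to have already passed chain verification.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrRevoked = errors.New("peer certificate revoked")

// checkCRL fails closed: an unparsable, wrongly signed or expired CRL rejects the peer.
func checkCRL(peer, issuer *x509.Certificate, crlDER []byte, now time.Time) error {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil || crl.CheckSignatureFrom(issuer) != nil {
		return errors.New("CRL unparsable or not signed by the issuer")
	}
	if now.After(crl.NextUpdate) { // stale list: recent revocations would be missed
		return errors.New("CRL expired, download a fresh copy")
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(peer.SerialNumber) == 0 {
			return ErrRevoked
		}
	}
	return nil
}

// demo builds constructed fixtures: a throwaway CA, its CRL revoking serial 2, two stand-in peers.
func demo(now time.Time) (ca *x509.Certificate, crl []byte, revoked, good *x509.Certificate) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(48 * time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	ca, _ = x509.ParseCertificate(der)
	crl, _ = x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour), RevokedCertificateEntries: []x509.RevocationListEntry{
			{SerialNumber: big.NewInt(2), RevocationTime: now}}}, ca, priv)
	return ca, crl, &x509.Certificate{SerialNumber: big.NewInt(2)}, &x509.Certificate{SerialNumber: big.NewInt(3)}
}

func main() {
	ca, crl, revoked, good := demo(time.Now())
	fmt.Println(checkCRL(revoked, ca, crl, time.Now()), "|", checkCRL(good, ca, crl, time.Now()))
}
```

The expiry branch corresponds to the `CrlExpired` line in the log above: a cached CRL past its `NextUpdate` should trigger a new download rather than be treated as proof that the certificate is still valid.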