personal_interest_mirrors/nebula
1
0
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2026-05-16 04:47:38 +02:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Refactor CA pool handling to use streaming (#1644)
Some checks failed
gofmt / Run gofmt (push) Failing after 3s
Details
smoke-extra / Run extra smoke tests (push) Failing after 3s
Details
smoke / Run multi node smoke test (push) Failing after 3s
Details
Build and test / Build all and test on ubuntu-linux (push) Failing after 2s
Details
Build and test / Build and test on linux with boringcrypto (push) Failing after 3s
Details
Build and test / Build and test on linux with pkcs11 (push) Failing after 2s
Details
Build and test / Build and test on macos-latest (push) Has been cancelled
Details
Build and test / Build and test on windows-latest (push) Has been cancelled
Details

Browse Source 
Co-authored-by: maggie44 <64841595+maggie44@users.noreply.github.com>
Co-authored-by: JackDoan <me@jackdoan.com>
This commit is contained in:
John Maguire
2026-04-13 13:19:55 -04:00
committed by GitHub
parent 6727113b2b
commit 0ad5c771e9
8 changed files with 373 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
cmd/nebula-cert/verify.go
View File

@@ -6,7 +6,6 @@ import (
"fmt"
"io"
"os"
"strings"
"time"
"github.com/slackhq/nebula/cert"
@@ -40,21 +39,15 @@ func verify(args []string, out io.Writer, errOut io.Writer) error {
return err
}
rawCACert, err := os.ReadFile(*vf.caPath)
caFile, err := os.Open(*vf.caPath)
if err != nil {
return fmt.Errorf("error while reading ca: %w", err)
}
defer caFile.Close()
caPool := cert.NewCAPool()
for {
rawCACert, err = caPool.AddCAFromPEM(rawCACert)
if err != nil {
return fmt.Errorf("error while adding ca cert to pool: %w", err)
}
if rawCACert == nil || len(rawCACert) == 0 || strings.TrimSpace(string(rawCACert)) == "" {
break
}
caPool, err := cert.NewCAPoolFromPEMReader(caFile)
if err != nil && !errors.Is(err, cert.ErrExpired) {
return fmt.Errorf("error while adding ca cert to pool: %w", err)
}
rawCert, err := os.ReadFile(*vf.certPath)

2
cmd/nebula-cert/verify_test.go
View File

@@ -64,7 +64,7 @@ func Test_verify(t *testing.T) {
err = verify([]string{"-ca", caFile.Name(), "-crt", "does_not_exist"}, ob, eb)
assert.Empty(t, ob.String())
assert.Empty(t, eb.String())
require.EqualError(t, err, "error while adding ca cert to pool: input did not contain a valid PEM encoded block")
require.ErrorIs(t, err, cert.ErrInvalidPEMBlock)
// make a ca for later
caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)