Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Heartbeat] Record TLS Metadata for expired/invalid certs #14588

Merged
merged 3 commits into from
Nov 19, 2019
Merged

[Heartbeat] Record TLS Metadata for expired/invalid certs #14588

merged 3 commits into from
Nov 19, 2019

Conversation

andrewvc
Copy link
Contributor

@andrewvc andrewvc commented Nov 18, 2019
edited
Loading

This patch fixes #13687 .

Previously heartbeat would only traverse valid x509 cert chains, with this PR it now traverses all certs provided by the server.

This also fixes the issue where no SSL metadata would be shown if validation was disabled.

@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs
dbe8bed 
This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.
@andrewvc andrewvc requested a review from ruflin November 18, 2019 17:32
@andrewvc andrewvc requested a review from a team as a code owner November 18, 2019 17:32
@andrewvc andrewvc self-assigned this Nov 18, 2019
@andrewvc andrewvc added Team:obs-ds-hosted-services Label for the Observability Hosted Services team bug Heartbeat v7.5.1 labels Nov 18, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/uptime (:uptime)

ruflin
ruflin approved these changes Nov 19, 2019
View reviewed changes
Copy link
Member

@ruflin ruflin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, did not manually test it.

To summarise the change: The main change is in tls.go:65 and gest the full list of certificates instead of "only" the verified chains.

@andrewvc
Copy link
Contributor Author

Build failures are unrelated.

@andrewvc andrewvc merged commit eff54c3 into elastic:master Nov 19, 2019
andrewvc added a commit to andrewvc/beats that referenced this pull request Nov 19, 2019
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (elastic#14588
999c3ea 
)

This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
andrewvc added a commit to andrewvc/beats that referenced this pull request Nov 19, 2019
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (elastic#14588
4d074a5 
)

This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
andrewvc added a commit that referenced this pull request Nov 20, 2019
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (#14588) (#…
8eefd06 
…14620)

This patch fixes #13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
andrewvc added a commit to andrewvc/beats that referenced this pull request Nov 20, 2019
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (elastic#14588
8009a89 
)

This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
andrewvc added a commit that referenced this pull request Nov 22, 2019
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (#14588) (#…
a4e631c 
…14621)

This patch fixes #13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
andrewvc added a commit that referenced this pull request Nov 25, 2019
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (#14588) (#…
ff7db03 
…14673)

This patch fixes #13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (elastic#14588
89ff4ab 
) (elastic#14621)

This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit b69ecd2)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruflin ruflin ruflin approved these changes

Assignees

@andrewvc andrewvc

Labels
bug Heartbeat Team:obs-ds-hosted-services Label for the Observability Hosted Services team v7.5.1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Heartbeat] For an HTTPS monitor heartbeat doesn't capture expired ssl certificate information
3 participants
@andrewvc @elasticmachine @ruflin