Skip to content

Deprecate misconfigured SSL server config #49280

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 22, 2019
Merged

Deprecate misconfigured SSL server config #49280

merged 1 commit into from
Nov 22, 2019

Conversation

@tvernum
Copy link
Contributor

@tvernum tvernum commented Nov 19, 2019
edited
Loading

This commit adds a deprecation warning when starting
a node where either of the server contexts
(xpack.security.transport.ssl and xpack.security.http.ssl)
meet either of these conditions:

  1. The server lacks a certificate/key pair (i.e. neither
    ssl.keystore.path not ssl.certificate are configured)
  2. The server has some ssl configuration, but ssl.enabled is not
    specified. This new validation does not care whether ssl.enabled is
    true or false (though other validation might), it simply makes it
    an error to configure server SSL without being explicit about
    whether to enable that configuration.

Backport of: #45892

@tvernum
Deprecate misconfigured SSL server config
fab2ec5 
This commit adds a deprecation warning when starting
a node where either of the server contexts
(xpack.security.transport.ssl and xpack.security.http.ssl)
meet either of these conditions:

1. The server lacks a certificate/key pair (i.e. neither
   ssl.keystore.path not ssl.certificate are configured)
2. The server has some ssl configuration, but ssl.enabled is not
   specified. This new validation does not care whether ssl.enabled is
   true or false (though other validation might), it simply makes it
   an error to configure server SSL without being explicit about
   whether to enable that configuration.

Backport of: elastic#45892
@tvernum tvernum requested a review from jkakavas November 19, 2019 06:16
@elasticmachine
Copy link
Collaborator

elasticmachine commented Nov 19, 2019

Pinging @elastic/es-security (:Security/Network)

@tvernum
Copy link
Contributor Author

tvernum commented Nov 19, 2019

This is a backport of #45892 but changed to a deprecation warning instead of an error.

jkakavas
jkakavas approved these changes Nov 20, 2019
View reviewed changes
Copy link
Contributor

@jkakavas jkakavas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tvernum tvernum merged commit 2e5f2dd into elastic:7.x Nov 22, 2019
@tvernum tvernum mentioned this pull request Nov 27, 2019
Closed
This was referenced Feb 3, 2020
Closed
Closed
@jrodewig jrodewig mentioned this pull request Sep 14, 2021
Merged
@lockewritesdocs lockewritesdocs mentioned this pull request Oct 7, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkakavas jkakavas jkakavas approved these changes

Assignees

No one assigned

Labels

>enhancement :Security/TLS SSL/TLS, Certificates v7.6.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tvernum @elasticmachine @jkakavas