Use hostname check from verify.go to handle patterns in TLS certs by kvch · Pull Request #23661 · elastic/beats

kvch · 2021-01-25T15:39:01Z

What does this PR do?

Previously, DNSNames in x509 certs with wildcards were not accepted. The function from Golang's verify.go is taken, so the check remains the same between Golang versions.

Why is it important?

Wildcards in DNSNames were not accepted. Now the are.

Checklist

My code follows the style guidelines of this project
I have commented my code, particularly in hard-to-understand areas
~~- [ ] I have made corresponding changes to the documentation~~
~~- [ ] I have made corresponding change to the default configuration files~~
I have added tests that prove my fix is effective or that my feature works
~~- [ ] I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.~~

elasticmachine · 2021-01-25T15:39:29Z

Pinging @elastic/agent (Team:Agent)

michalpristas · 2021-01-25T15:46:42Z

testing

mdelapenya · 2021-01-25T15:55:08Z

libbeat/common/transport/tlscommon/validhostname.go

+func matchHostnames(pattern, host string) bool {
+	pattern = toLowerCaseASCII(pattern)
+	host = toLowerCaseASCII(strings.TrimSuffix(host, "."))
+
+	if len(pattern) == 0 || len(host) == 0 {
+		return false
+	}
+
+	patternParts := strings.Split(pattern, ".")
+	hostParts := strings.Split(host, ".")
+
+	if len(patternParts) != len(hostParts) {
+		return false
+	}
+
+	for i, patternPart := range patternParts {
+		if i == 0 && patternPart == "*" {
+			continue
+		}
+		if patternPart != hostParts[i] {
+			return false
+		}
+	}
+
+	return true
+}
+
+// toLowerCaseASCII returns a lower-case version of in. See RFC 6125 6.4.1. We use
+// an explicitly ASCII function to avoid any sharp corners resulting from
+// performing Unicode operations on DNS labels.
+func toLowerCaseASCII(in string) string {


It seems fairly easy to add unit tests for for these two methods. Could we add them too?

I am adding tests ATM, but not for these specific function, but for the whole VerifyConnection callback.

Great, thanks! If possible, I'd add unit tests for the calculation and verification of the lowerCaseASCII hostname, just in case we missed any edge case for the conditional branches inside both methods.

michalpristas

worked for agent enroll

elasticmachine · 2021-01-25T16:31:33Z

💔 Build Failed

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

Build Cause: Pull request #23661 updated
- Start Time: 2021-01-25T16:41:02.401+0000
Duration: 74 min 20 sec
Commit: cf300d6

Test stats 🧪

Test	Results
Failed	0
Passed	17362
Skipped	1346
Total	18708

Steps errors

Expand to view the steps failures

`x-pack/packetbeat-Lint - mage check;

mage update;`

Took 1 min 17 sec . View more details on here
Description: mage check;mage update;

`Error signal`

Took 0 min 0 sec . View more details on here
Description: Error 'hudson.AbortException: script returned exit code 1'

Log output

Expand to view the last 100 lines of log output

[2021-01-25T17:55:05.863Z] 68.58s setup    metricbeat/module/couchbase/test_couchbase.py::Test::test_couchbase_0_bucket
[2021-01-25T17:55:05.863Z] 59.85s setup    metricbeat/module/kafka/test_kafka.py::KafkaTest_2::test_kafka_jmx_0_consumer
[2021-01-25T17:55:05.863Z] 59.19s setup    metricbeat/module/kafka/test_kafka.py::KafkaTest_0::test_kafka_jmx_0_consumer
[2021-01-25T17:55:05.863Z] 59.02s setup    metricbeat/module/kafka/test_kafka.py::KafkaTest_1::test_kafka_jmx_0_consumer
[2021-01-25T17:55:05.863Z] 57.84s setup    metricbeat/module/kafka/test_kafka.py::KafkaTest_4::test_kafka_jmx_0_consumer
[2021-01-25T17:55:05.863Z] 56.67s setup    metricbeat/module/kafka/test_kafka.py::KafkaTest_3::test_kafka_jmx_0_consumer
[2021-01-25T17:55:05.863Z] 49.70s setup    metricbeat/module/ceph/test_ceph.py::Test_1::test_ceph_0_cluster_disk
[2021-01-25T17:55:05.863Z] 47.80s setup    metricbeat/module/logstash/test_logstash.py::Test::test_node
[2021-01-25T17:55:05.863Z] 41.63s call     metricbeat/tests/system/test_base.py::Test::test_dashboards
[2021-01-25T17:55:05.863Z] 28.19s setup    metricbeat/module/vsphere/test_vsphere.py::TestVsphere_0::test_datastore
[2021-01-25T17:55:05.863Z] 28.11s setup    metricbeat/module/mysql/test_mysql.py::Test_3::test_status
[2021-01-25T17:55:05.863Z] 26.93s setup    metricbeat/module/mysql/test_mysql.py::Test_6::test_status
[2021-01-25T17:55:05.863Z] 24.88s setup    metricbeat/module/kibana/test_kibana.py::Test::test_status
[2021-01-25T17:55:05.863Z] 24.56s setup    metricbeat/tests/system/test_base.py::Test::test_dashboards
[2021-01-25T17:55:05.863Z] 22.34s setup    metricbeat/module/munin/test_munin.py::Test::test_munin_node
[2021-01-25T17:55:05.863Z] 21.34s setup    metricbeat/module/mysql/test_mysql.py::Test_1::test_status
[2021-01-25T17:55:05.863Z] 21.32s setup    metricbeat/module/aerospike/test_aerospike.py::Test::test_namespace
[2021-01-25T17:55:05.863Z] 19.81s setup    metricbeat/tests/system/test_beat.py::Test::test_metricsets_0_stats
[2021-01-25T17:55:05.863Z] 19.34s setup    metricbeat/module/elasticsearch/test_elasticsearch.py::Test::test_metricsets_0_ccr
[2021-01-25T17:55:05.863Z] =========== 216 passed, 12 skipped, 1 warning in 3301.01s (0:55:01) ============
[2021-01-25T17:55:05.863Z] >> python test: Integration Testing Complete
[2021-01-25T17:55:08.113Z] Client: Docker Engine - Community
[2021-01-25T17:55:08.113Z]  Version:           20.10.2
[2021-01-25T17:55:08.113Z]  API version:       1.41
[2021-01-25T17:55:08.113Z]  Go version:        go1.13.15
[2021-01-25T17:55:08.113Z]  Git commit:        2291f61
[2021-01-25T17:55:08.113Z]  Built:             Mon Dec 28 16:17:32 2020
[2021-01-25T17:55:08.113Z]  OS/Arch:           linux/amd64
[2021-01-25T17:55:08.113Z]  Context:           default
[2021-01-25T17:55:08.113Z]  Experimental:      true
[2021-01-25T17:55:08.113Z] 
[2021-01-25T17:55:08.113Z] Server: Docker Engine - Community
[2021-01-25T17:55:08.113Z]  Engine:
[2021-01-25T17:55:08.113Z]   Version:          20.10.2
[2021-01-25T17:55:08.113Z]   API version:      1.41 (minimum version 1.12)
[2021-01-25T17:55:08.113Z]   Go version:       go1.13.15
[2021-01-25T17:55:08.113Z]   Git commit:       8891c58
[2021-01-25T17:55:08.113Z]   Built:            Mon Dec 28 16:15:09 2020
[2021-01-25T17:55:08.113Z]   OS/Arch:          linux/amd64
[2021-01-25T17:55:08.113Z]   Experimental:     false
[2021-01-25T17:55:08.113Z]  containerd:
[2021-01-25T17:55:08.113Z]   Version:          1.4.3
[2021-01-25T17:55:08.113Z]   GitCommit:        269548fa27e0089a8b8278fc4fc781d7f65a939b
[2021-01-25T17:55:08.113Z]  runc:
[2021-01-25T17:55:08.113Z]   Version:          1.0.0-rc92
[2021-01-25T17:55:08.113Z]   GitCommit:        ff819c7e9184c13b7c2607fe6c30ae19403a7aff
[2021-01-25T17:55:08.113Z]  docker-init:
[2021-01-25T17:55:08.113Z]   Version:          0.19.0
[2021-01-25T17:55:08.113Z]   GitCommit:        de40ad0
[2021-01-25T17:55:08.113Z] Unable to find image 'alpine:3.4' locally
[2021-01-25T17:55:08.681Z] 3.4: Pulling from library/alpine
[2021-01-25T17:55:08.940Z] c1e54eec4b57: Pulling fs layer
[2021-01-25T17:55:09.199Z] c1e54eec4b57: Download complete
[2021-01-25T17:55:09.459Z] c1e54eec4b57: Pull complete
[2021-01-25T17:55:09.459Z] Digest: sha256:b733d4a32c4da6a00a84df2ca32791bb03df95400243648d8c539e7b4cce329c
[2021-01-25T17:55:09.459Z] Status: Downloaded newer image for alpine:3.4
[2021-01-25T17:55:11.664Z] + python .ci/scripts/pre_archive_test.py
[2021-01-25T17:55:12.601Z] Copy ./metricbeat/build into build/metricbeat/build
[2021-01-25T17:55:12.612Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-23661/src/github.com/elastic/beats/build
[2021-01-25T17:55:12.915Z] + rm -rf ve
[2021-01-25T17:55:12.915Z] + find . -type d -name vendor -exec rm -r {} ;
[2021-01-25T17:55:12.927Z] Recording test results
[2021-01-25T17:55:14.687Z] [Checks API] No suitable checks publisher found.
[2021-01-25T17:55:15.031Z] Client: Docker Engine - Community
[2021-01-25T17:55:15.031Z]  Version:           20.10.2
[2021-01-25T17:55:15.031Z]  API version:       1.41
[2021-01-25T17:55:15.031Z]  Go version:        go1.13.15
[2021-01-25T17:55:15.031Z]  Git commit:        2291f61
[2021-01-25T17:55:15.031Z]  Built:             Mon Dec 28 16:17:32 2020
[2021-01-25T17:55:15.031Z]  OS/Arch:           linux/amd64
[2021-01-25T17:55:15.031Z]  Context:           default
[2021-01-25T17:55:15.031Z]  Experimental:      true
[2021-01-25T17:55:15.031Z] 
[2021-01-25T17:55:15.031Z] Server: Docker Engine - Community
[2021-01-25T17:55:15.031Z]  Engine:
[2021-01-25T17:55:15.031Z]   Version:          20.10.2
[2021-01-25T17:55:15.031Z]   API version:      1.41 (minimum version 1.12)
[2021-01-25T17:55:15.031Z]   Go version:       go1.13.15
[2021-01-25T17:55:15.031Z]   Git commit:       8891c58
[2021-01-25T17:55:15.031Z]   Built:            Mon Dec 28 16:15:09 2020
[2021-01-25T17:55:15.031Z]   OS/Arch:          linux/amd64
[2021-01-25T17:55:15.031Z]   Experimental:     false
[2021-01-25T17:55:15.031Z]  containerd:
[2021-01-25T17:55:15.031Z]   Version:          1.4.3
[2021-01-25T17:55:15.031Z]   GitCommit:        269548fa27e0089a8b8278fc4fc781d7f65a939b
[2021-01-25T17:55:15.031Z]  runc:
[2021-01-25T17:55:15.031Z]   Version:          1.0.0-rc92
[2021-01-25T17:55:15.031Z]   GitCommit:        ff819c7e9184c13b7c2607fe6c30ae19403a7aff
[2021-01-25T17:55:15.031Z]  docker-init:
[2021-01-25T17:55:15.031Z]   Version:          0.19.0
[2021-01-25T17:55:15.031Z]   GitCommit:        de40ad0
[2021-01-25T17:55:21.714Z] Stage "Packaging" skipped due to earlier failure(s)
[2021-01-25T17:55:21.763Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-23661/src/github.com/elastic/beats
[2021-01-25T17:55:22.112Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-23661
[2021-01-25T17:55:22.198Z] [INFO] getVaultSecret: Getting secrets
[2021-01-25T17:55:22.287Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2021-01-25T17:55:22.916Z] + chmod 755 generate-build-data.sh
[2021-01-25T17:55:22.916Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-23661/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-23661/runs/2 FAILURE 4460256
[2021-01-25T17:55:23.166Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-23661/runs/2/steps/?limit=10000 -o steps-info.json
[2021-01-25T17:55:25.028Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-23661/runs/2/tests/?status=FAILED -o tests-errors.json

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test	Results
Failed	0
Passed	17362
Skipped	1346
Total	18708

kvch · 2021-01-25T19:12:11Z

jenkins run tests

kvch · 2021-01-25T19:16:06Z

Failing test are unrelated.

elasticmachine · 2021-01-25T19:59:20Z

💔 Build Failed

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

Build Cause: kvch commented: jenkins run tests
- Start Time: 2021-01-25T19:12:39.558+0000
Duration: 46 min 24 sec
Commit: cf300d6

Test stats 🧪

Test	Results
Failed	0
Passed	17362
Skipped	1346
Total	18708

Steps errors

Expand to view the steps failures

`x-pack/packetbeat-Lint - mage check;

mage update;`

Took 1 min 16 sec . View more details on here
Description: mage check;mage update;

`Error signal`

Took 0 min 0 sec . View more details on here
Description: Error 'hudson.AbortException: script returned exit code 1'

Log output

Expand to view the last 100 lines of log output

[2021-01-25T19:58:46.435Z] 68.70s setup    metricbeat/module/couchbase/test_couchbase.py::Test::test_couchbase_0_bucket
[2021-01-25T19:58:46.435Z] 61.02s setup    metricbeat/module/kafka/test_kafka.py::KafkaTest_2::test_kafka_jmx_0_consumer
[2021-01-25T19:58:46.435Z] 60.21s setup    metricbeat/module/kafka/test_kafka.py::KafkaTest_1::test_kafka_jmx_0_consumer
[2021-01-25T19:58:46.435Z] 58.29s setup    metricbeat/module/kafka/test_kafka.py::KafkaTest_0::test_kafka_jmx_0_consumer
[2021-01-25T19:58:46.435Z] 57.37s setup    metricbeat/module/kafka/test_kafka.py::KafkaTest_4::test_kafka_jmx_0_consumer
[2021-01-25T19:58:46.435Z] 56.02s setup    metricbeat/module/kafka/test_kafka.py::KafkaTest_3::test_kafka_jmx_0_consumer
[2021-01-25T19:58:46.435Z] 48.29s setup    metricbeat/module/logstash/test_logstash.py::Test::test_node
[2021-01-25T19:58:46.435Z] 47.61s setup    metricbeat/module/ceph/test_ceph.py::Test_1::test_ceph_0_cluster_disk
[2021-01-25T19:58:46.435Z] 42.34s setup    metricbeat/module/mysql/test_mysql.py::Test_1::test_status
[2021-01-25T19:58:46.435Z] 41.00s call     metricbeat/tests/system/test_base.py::Test::test_dashboards
[2021-01-25T19:58:46.435Z] 29.88s setup    metricbeat/module/mysql/test_mysql.py::Test_3::test_status
[2021-01-25T19:58:46.435Z] 28.82s setup    metricbeat/module/mysql/test_mysql.py::Test_6::test_status
[2021-01-25T19:58:46.435Z] 26.99s setup    metricbeat/module/vsphere/test_vsphere.py::TestVsphere_0::test_datastore
[2021-01-25T19:58:46.435Z] 25.50s setup    metricbeat/module/kibana/test_kibana.py::Test::test_status
[2021-01-25T19:58:46.435Z] 25.21s setup    metricbeat/tests/system/test_base.py::Test::test_dashboards
[2021-01-25T19:58:46.435Z] 24.01s setup    metricbeat/module/munin/test_munin.py::Test::test_munin_node
[2021-01-25T19:58:46.435Z] 22.12s setup    metricbeat/module/aerospike/test_aerospike.py::Test::test_namespace
[2021-01-25T19:58:46.435Z] 20.96s setup    metricbeat/tests/system/test_beat.py::Test::test_metricsets_0_stats
[2021-01-25T19:58:46.435Z] 20.52s setup    metricbeat/module/elasticsearch/test_elasticsearch.py::Test::test_metricsets_0_ccr
[2021-01-25T19:58:46.435Z] =========== 216 passed, 12 skipped, 1 warning in 1586.43s (0:26:26) ============
[2021-01-25T19:58:46.435Z] >> python test: Integration Testing Complete
[2021-01-25T19:58:48.697Z] Client: Docker Engine - Community
[2021-01-25T19:58:48.697Z]  Version:           20.10.2
[2021-01-25T19:58:48.697Z]  API version:       1.41
[2021-01-25T19:58:48.697Z]  Go version:        go1.13.15
[2021-01-25T19:58:48.697Z]  Git commit:        2291f61
[2021-01-25T19:58:48.697Z]  Built:             Mon Dec 28 16:17:32 2020
[2021-01-25T19:58:48.697Z]  OS/Arch:           linux/amd64
[2021-01-25T19:58:48.697Z]  Context:           default
[2021-01-25T19:58:48.697Z]  Experimental:      true
[2021-01-25T19:58:48.697Z] 
[2021-01-25T19:58:48.698Z] Server: Docker Engine - Community
[2021-01-25T19:58:48.698Z]  Engine:
[2021-01-25T19:58:48.698Z]   Version:          20.10.2
[2021-01-25T19:58:48.698Z]   API version:      1.41 (minimum version 1.12)
[2021-01-25T19:58:48.698Z]   Go version:       go1.13.15
[2021-01-25T19:58:48.698Z]   Git commit:       8891c58
[2021-01-25T19:58:48.698Z]   Built:            Mon Dec 28 16:15:09 2020
[2021-01-25T19:58:48.698Z]   OS/Arch:          linux/amd64
[2021-01-25T19:58:48.698Z]   Experimental:     false
[2021-01-25T19:58:48.698Z]  containerd:
[2021-01-25T19:58:48.698Z]   Version:          1.4.3
[2021-01-25T19:58:48.698Z]   GitCommit:        269548fa27e0089a8b8278fc4fc781d7f65a939b
[2021-01-25T19:58:48.698Z]  runc:
[2021-01-25T19:58:48.698Z]   Version:          1.0.0-rc92
[2021-01-25T19:58:48.698Z]   GitCommit:        ff819c7e9184c13b7c2607fe6c30ae19403a7aff
[2021-01-25T19:58:48.698Z]  docker-init:
[2021-01-25T19:58:48.698Z]   Version:          0.19.0
[2021-01-25T19:58:48.698Z]   GitCommit:        de40ad0
[2021-01-25T19:58:48.698Z] Unable to find image 'alpine:3.4' locally
[2021-01-25T19:58:49.631Z] 3.4: Pulling from library/alpine
[2021-01-25T19:58:49.632Z] c1e54eec4b57: Pulling fs layer
[2021-01-25T19:58:49.890Z] c1e54eec4b57: Download complete
[2021-01-25T19:58:49.890Z] c1e54eec4b57: Pull complete
[2021-01-25T19:58:49.891Z] Digest: sha256:b733d4a32c4da6a00a84df2ca32791bb03df95400243648d8c539e7b4cce329c
[2021-01-25T19:58:50.211Z] Status: Downloaded newer image for alpine:3.4
[2021-01-25T19:58:52.418Z] + python .ci/scripts/pre_archive_test.py
[2021-01-25T19:58:53.352Z] Copy ./metricbeat/build into build/metricbeat/build
[2021-01-25T19:58:53.364Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-23661/src/github.com/elastic/beats/build
[2021-01-25T19:58:53.702Z] + rm -rf ve
[2021-01-25T19:58:53.702Z] + find . -type d -name vendor -exec rm -r {} ;
[2021-01-25T19:58:53.731Z] Recording test results
[2021-01-25T19:58:55.178Z] [Checks API] No suitable checks publisher found.
[2021-01-25T19:58:55.590Z] Client: Docker Engine - Community
[2021-01-25T19:58:55.590Z]  Version:           20.10.2
[2021-01-25T19:58:55.590Z]  API version:       1.41
[2021-01-25T19:58:55.590Z]  Go version:        go1.13.15
[2021-01-25T19:58:55.590Z]  Git commit:        2291f61
[2021-01-25T19:58:55.590Z]  Built:             Mon Dec 28 16:17:32 2020
[2021-01-25T19:58:55.590Z]  OS/Arch:           linux/amd64
[2021-01-25T19:58:55.590Z]  Context:           default
[2021-01-25T19:58:55.590Z]  Experimental:      true
[2021-01-25T19:58:55.590Z] 
[2021-01-25T19:58:55.590Z] Server: Docker Engine - Community
[2021-01-25T19:58:55.590Z]  Engine:
[2021-01-25T19:58:55.590Z]   Version:          20.10.2
[2021-01-25T19:58:55.590Z]   API version:      1.41 (minimum version 1.12)
[2021-01-25T19:58:55.590Z]   Go version:       go1.13.15
[2021-01-25T19:58:55.590Z]   Git commit:       8891c58
[2021-01-25T19:58:55.590Z]   Built:            Mon Dec 28 16:15:09 2020
[2021-01-25T19:58:55.590Z]   OS/Arch:          linux/amd64
[2021-01-25T19:58:55.590Z]   Experimental:     false
[2021-01-25T19:58:55.590Z]  containerd:
[2021-01-25T19:58:55.590Z]   Version:          1.4.3
[2021-01-25T19:58:55.590Z]   GitCommit:        269548fa27e0089a8b8278fc4fc781d7f65a939b
[2021-01-25T19:58:55.590Z]  runc:
[2021-01-25T19:58:55.590Z]   Version:          1.0.0-rc92
[2021-01-25T19:58:55.590Z]   GitCommit:        ff819c7e9184c13b7c2607fe6c30ae19403a7aff
[2021-01-25T19:58:55.590Z]  docker-init:
[2021-01-25T19:58:55.590Z]   Version:          0.19.0
[2021-01-25T19:58:55.590Z]   GitCommit:        de40ad0
[2021-01-25T19:59:02.939Z] Stage "Packaging" skipped due to earlier failure(s)
[2021-01-25T19:59:03.024Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-23661/src/github.com/elastic/beats
[2021-01-25T19:59:03.415Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-23661
[2021-01-25T19:59:03.510Z] [INFO] getVaultSecret: Getting secrets
[2021-01-25T19:59:03.626Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2021-01-25T19:59:04.277Z] + chmod 755 generate-build-data.sh
[2021-01-25T19:59:04.277Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-23661/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-23661/runs/3 FAILURE 2784458
[2021-01-25T19:59:04.527Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-23661/runs/3/steps/?limit=10000 -o steps-info.json
[2021-01-25T19:59:07.010Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-23661/runs/3/tests/?status=FAILED -o tests-errors.json

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test	Results
Failed	0
Passed	17362
Skipped	1346
Total	18708

mdelapenya · 2021-01-26T06:15:08Z

/packaging

…astic#23661) Previously, DNSNames in x509 certs with wildcards were not accepted. The function from Golang's `verify.go` is taken, so the check remains the same between Golang versions. (cherry picked from commit 6291419)

…3661) (#23675) Previously, DNSNames in x509 certs with wildcards were not accepted. The function from Golang's `verify.go` is taken, so the check remains the same between Golang versions. (cherry picked from commit 6291419)

…pack-when-oss-changes * upstream/master: [DOCS] Add setup content to Kubernetes and Cloud Foundry docs (elastic#23580) [CI] Mandatory windows support for all the versions (elastic#23615) Add check when retrieving the worker process id using performance counters (elastic#23647) Remove 4912 evtx from testing (elastic#23669) Add missing SSL settings (elastic#23632) Update X-Pack Packetbeat config (elastic#23666) Use hostname check from verify.go to handle patterns in TLS certs (elastic#23661) Fix: Dissect Cisco ASA 302013 message usernames (elastic#21196) Add FAQ entry for MADV settings in older versions (elastic#23429) Sync fixes from Integration Package Testing (elastic#23424) [Filebeat] Add Cisco ASA message '302023' parsing (elastic#23092) [Elastic Log Driver] Change hosts config flag (elastic#23628) Audit and Authentication Policy Change Events (elastic#20684)

Use hostname check from verify.go to handle patterns

998bc78

botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jan 25, 2021

kvch added the Team:Elastic-Agent Label for the Agent team label Jan 25, 2021

botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jan 25, 2021

kvch mentioned this pull request Jan 25, 2021

[Ingest Manager]: Unable to install 8.0 snapshot agent (Verified on windows and macOS so far) #23652

Closed

mdelapenya reviewed Jan 25, 2021

View reviewed changes

michalpristas approved these changes Jan 25, 2021

View reviewed changes

add test case for wildcard

cf300d6

kvch added the needs_backport PR is waiting to be backported to other branches. label Jan 25, 2021

kvch merged commit 6291419 into elastic:master Jan 25, 2021

kvch mentioned this pull request Jan 26, 2021

Cherry-pick #23661 to 7.x: Use hostname check from verify.go to handle patterns in TLS certs #23675

Merged

3 tasks

kvch added v7.12.0 and removed needs_backport PR is waiting to be backported to other branches. labels Jan 26, 2021

EricDavisX mentioned this pull request Mar 4, 2021

Agent stays in 'updating' on self-managed cluster (works when using cloud for stack) #24274

Closed

Conversation

kvch commented Jan 25, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What does this PR do?

Why is it important?

Checklist

Uh oh!

elasticmachine commented Jan 25, 2021

Uh oh!

michalpristas commented Jan 25, 2021

Uh oh!

mdelapenya Jan 25, 2021

Choose a reason for hiding this comment

Uh oh!

kvch Jan 25, 2021

Choose a reason for hiding this comment

Uh oh!

mdelapenya Jan 25, 2021

Choose a reason for hiding this comment

Uh oh!

michalpristas left a comment

Choose a reason for hiding this comment

Uh oh!

elasticmachine commented Jan 25, 2021 • edited by jenkins-beats-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

💔 Build Failed

Build stats

Test stats 🧪

Steps errors

`x-pack/packetbeat-Lint - mage check;

Error signal

Log output

💚 Flaky test report

Test stats 🧪

Uh oh!

kvch commented Jan 25, 2021

Uh oh!

kvch commented Jan 25, 2021

Uh oh!

elasticmachine commented Jan 25, 2021

💔 Build Failed

Build stats

Test stats 🧪

Steps errors

`x-pack/packetbeat-Lint - mage check;

Error signal

Log output

💚 Flaky test report

Test stats 🧪

Uh oh!

mdelapenya commented Jan 26, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

kvch commented Jan 25, 2021 •

edited

Loading

elasticmachine commented Jan 25, 2021 •

edited by jenkins-beats-ci bot

Loading

`Error signal`

`Error signal`

mdelapenya commented Jan 26, 2021 •

edited

Loading