Skip to content

[7.x] Refactor FIPS BootstrapChecks to simple checks (#47499)#48333

Merged
jkakavas merged 2 commits intoelastic:7.xfrom
jkakavas:backport/7.x/pr-47499
Oct 22, 2019
Merged

[7.x] Refactor FIPS BootstrapChecks to simple checks (#47499)#48333
jkakavas merged 2 commits intoelastic:7.xfrom
jkakavas:backport/7.x/pr-47499

Conversation

@jkakavas
Copy link
Copy Markdown
Contributor

@jkakavas jkakavas commented Oct 22, 2019

Backports the following commits to 7.x:

@jkakavas
Refactor FIPS BootstrapChecks to simple checks (elastic#47499)
d44e13a 
FIPS 140 bootstrap checks should not be bootstrap checks as they
are always enforced. This commit moves the validation logic within
the security plugin.
The FIPS140SecureSettingsBootstrapCheck was not applicable as the
keystore was being loaded on init, before the Bootstrap checks
were checked, so an elasticsearch keystore of version < 3 would
cause the node to fail in a FIPS 140 JVM before the bootstrap check
kicked in, and as such hasn't been migrated.

Resolves: elastic#34772
@jkakavas jkakavas merged commit 24e43df into elastic:7.x Oct 22, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backport

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jkakavas