Skip to content

[Security] Cherry Pick Spiffe Verification#40515

Merged
gtcooke94 merged 1 commit intogrpc:v1.75.xfrom
gtcooke94:spiffe_cherry_pick
Aug 21, 2025
Merged

[Security] Cherry Pick Spiffe Verification#40515
gtcooke94 merged 1 commit intogrpc:v1.75.xfrom
gtcooke94:spiffe_cherry_pick

Conversation

@gtcooke94
Copy link
Contributor

@gtcooke94 gtcooke94 commented Aug 21, 2025
edited
Loading

Cherry pick #40476 to 1.75

RELEASE NOTES:

@gtcooke94
[Security] Spiffe Verification roll forward (grpc#40476)
f2ab206 
Roll forward grpc#40321 with fixes relating to OpenSSL 1.0.2

This roll forward fixes two things broken by the original commit:
* OpenSSL 1.0.2 compatibility - `X509_up_ref` is not in 1.0.2, so `CRYPTO_add` is used along with compiler directives.
* The macOS tests flatten trust bundles, and two files in different directories were both named `ca.pem` in the new `spiffe_bundle_map_end2end_test.cc`. One was from the existing test that this new test file was modeled after and was not needed, so it was removed from the BUILD file resolving the double naming conflict.

Closes grpc#40476

COPYBARA_INTEGRATE_REVIEW=grpc#40476 from gtcooke94:spiffe_roll_forward e30b7e4
PiperOrigin-RevId: 796537764
@gtcooke94 gtcooke94 added area/security release notes: yes Indicates if PR needs to be in release notes labels Aug 21, 2025
@gtcooke94 gtcooke94 merged commit 8f36086 into grpc:v1.75.x Aug 21, 2025
59 of 61 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@apolcyn apolcyn apolcyn approved these changes

Assignees

No one assigned

Labels

area/security bloat/medium lang/c++ lang/core lang/ruby per-call-memory/neutral per-channel-memory/neutral release notes: yes Indicates if PR needs to be in release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gtcooke94 @apolcyn