[Heimdal-source-changes] [heimdal/heimdal] 8ef971: bx509: Fix CSR authorizer IPC plugin bug

Nico Williams noreply at github.com
Fre Jan 10 18:43:45 CET 2020 

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal
  Commit: 8ef971786b89e13c0989eef589f92781ca6ca9f6
      https://github.com/heimdal/heimdal/commit/8ef971786b89e13c0989eef589f92781ca6ca9f6
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2020-01-10 (Fri, 10 Jan 2020)

  Changed paths:
    M kdc/ipc_csr_authorizer.c

  Log Message:
  -----------
  bx509: Fix CSR authorizer IPC plugin bug

When marking SANs authorized, mark the SAN, not some EKU, authorized!


  Commit: 8430acfe955c29f1b9cb61f089812be92c76221f
      https://github.com/heimdal/heimdal/commit/8430acfe955c29f1b9cb61f089812be92c76221f
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2020-01-10 (Fri, 10 Jan 2020)

  Changed paths:
    M kdc/test_kdc_ca.c

  Log Message:
  -----------
  kdc: implement test_kdc_ca -a option


  Commit: 62c0261cffd5b796f8f9f0b04628eca503364670
      https://github.com/heimdal/heimdal/commit/62c0261cffd5b796f8f9f0b04628eca503364670
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2020-01-10 (Fri, 10 Jan 2020)

  Changed paths:
    M kdc/test_token_validator.c

  Log Message:
  -----------
  kdc: add test_token_validator -a option


  Commit: e7ad9da3ccb17893fd10aefe7b39955f9fe937a4
      https://github.com/heimdal/heimdal/commit/e7ad9da3ccb17893fd10aefe7b39955f9fe937a4
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2020-01-10 (Fri, 10 Jan 2020)

  Changed paths:
    M kdc/bx509d.c

  Log Message:
  -----------
  bx509: Do not clobber library error info


  Commit: 1cbbca8dcfc3e763a7a4b5f4369e09ec7a32c622
      https://github.com/heimdal/heimdal/commit/1cbbca8dcfc3e763a7a4b5f4369e09ec7a32c622
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2020-01-10 (Fri, 10 Jan 2020)

  Changed paths:
    M kdc/bx509d.c

  Log Message:
  -----------
  bx509: Add /, /health for load balancer checking

A HEAD or GET of / or /health will now produce a 200 instead of a 404.

Ideally we should add configuration arguments that would allow /health
to get a token, make a CSR, and test the /bx509 (and/or /bnegotiate)
functionality, that way we'd have a real health check.  For now we defer
that work, as external health monitoring can be done using a simple
script anyways.


Compare: https://github.com/heimdal/heimdal/compare/2b92d938aee1...1cbbca8dcfc3

More information about the Heimdal-source-changes mailing list