  1. Couchbase Server
  2. MB-62219

Change order of CA certs when searching for CA for a node certificate


Details

    • Untriaged
    • 0
    • Unknown

    Description

      When loading a node certificate, we search for a CA that matches that node cert. Then we memorize that CA cert for that node cert, and don't allow removal of that CA cert.
      Currently we assume that only one CA in the list of trusted CAs can match a given node cert, but actually that's incorrect because different CAs can be created using the same private key.
      Since we currently sort CAs by id, we always attach the oldest CA cert to the node cert being added, which means that it is impossible to update a CA cert if the CA private key does not change.
      I think we should reverse the order of the CA certificates when we search for the right CA. In this case we will always start from the latest added certificate in the list.
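
The search-order effect described above, as an added example that is not Couchbase code: a simplified Python model in which a CA "matches" a node certificate when subject and key identifier agree (a stand-in for real signature verification). The class names, `key_id` field and sample certificates are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CA:
    id: int        # assigned in order of addition; larger id = added later
    subject: str
    key_id: str    # stand-in for the CA public key

@dataclass(frozen=True)
class NodeCert:
    issuer: str
    signing_key_id: str  # stand-in for "signature verifies under this key"

def ca_matches(ca, cert):
    return ca.subject == cert.issuer and ca.key_id == cert.signing_key_id

class TrustStore:
    def __init__(self, newest_first):
        self.newest_first = newest_first
        self.cas = {}
        self.pinned = None  # id of the CA memorized for the node cert

    def add_ca(self, ca):
        self.cas[ca.id] = ca

    def load_node_cert(self, cert):
        # Walk trusted CAs by id; the first match is pinned to the node cert.
        ordered = sorted(self.cas.values(), key=lambda c: c.id,
                         reverse=self.newest_first)
        for ca in ordered:
            if ca_matches(ca, cert):
                self.pinned = ca.id
                return ca.id
        raise ValueError("no trusted CA matches the node certificate")

    def remove_ca(self, ca_id):
        # A CA pinned to the node cert cannot be removed.
        if ca_id == self.pinned:
            return False
        return self.cas.pop(ca_id, None) is not None

def rotate_ca(newest_first):
    """Renew a CA cert with an unchanged key, then try to drop the old one."""
    store = TrustStore(newest_first)
    node = NodeCert("CN=Example Root", "key-A")      # constructed sample
    store.add_ca(CA(0, "CN=Example Root", "key-A"))  # original CA cert
    store.load_node_cert(node)
    store.add_ca(CA(1, "CN=Example Root", "key-A"))  # renewed cert, same key
    pinned = store.load_node_cert(node)              # reload the node cert
    return pinned, store.remove_ca(0)

if __name__ == "__main__":
    print("oldest first:", rotate_ca(False))
    print("newest first:", rotate_ca(True))
```

With oldest-first ordering the reload pins CA 0 again and its removal is refused; with newest-first ordering the reload pins CA 1 and the old certificate can be removed.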


            People

              shaazin.sheikh Shaazin Sheikh
              timofey.barmin Timofey Barmin
