Affected by GO-2022-0559 and 9 other vulnerabilities

GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

certgen

command

v1.6.6 Latest Latest Go to latest Published: Jun 10, 2020 License: MPL-2.0 Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/consul

Links

Open Source Insights

Documentation ¶

Overview ¶

certgen: a tool for generating test certificates on disk for use as test-fixtures and for end-to-end testing and local development.

Example usage:

$ go run connect/certgen/certgen.go -out-dir /tmp/connect-certs

You can verify a given leaf with a given root using:

$ openssl verify -verbose -CAfile ca2-ca.cert.pem ca1-svc-db.cert.pem

Note that to verify via the cross-signed intermediate, openssl requires it to be bundled with the _root_ CA bundle and will ignore the cert if it's passed with the subject. You can do that with:

$ openssl verify -verbose -CAfile \
   <(cat ca1-ca.cert.pem ca2-xc-by-ca1.cert.pem) \
   ca2-svc-db.cert.pem
ca2-svc-db.cert.pem: OK

Note that the same leaf and root without the intermediate should fail:

$ openssl verify -verbose -CAfile ca1-ca.cert.pem ca2-svc-db.cert.pem
ca2-svc-db.cert.pem: CN = db
error 20 at 0 depth lookup:unable to get local issuer certificate

NOTE: THIS IS A QUIRK OF OPENSSL; in Connect we distribute the roots alone and stable intermediates like the XC cert to the _leaf_.

Source Files ¶

View all Source files

certgen.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL