Affected by GO-2022-0615
and 6 other vulnerabilities
GO-2022-0615 : Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul
GO-2022-0894 : Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul
GO-2022-0895 : HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul
GO-2022-0953 : HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul
GO-2022-1029 : HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul
GO-2023-1827 : Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul
GO-2024-3242 : Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul
Discover Packages
github.com/hashicorp/consul
connect
certgen
command
Version:
v1.9.0-beta1
Opens a new window with list of versions in this module.
Published: Oct 12, 2020
License: MPL-2.0
Opens a new window with license information.
Imports: 8
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
Documentation Source Files Overview
Documentation
¶
certgen: a tool for generating test certificates on disk for use as
test-fixtures and for end-to-end testing and local development.
Example usage:
$ go run connect/certgen/certgen.go -out-dir /tmp/connect-certs
You can verify a given leaf with a given root using:
$ openssl verify -verbose -CAfile ca1-ca.cert.pem ca1-svc-db.cert.pem
Note that to verify via the cross-signed intermediate, openssl requires it to
be bundled with the _root_ CA bundle and will ignore the cert if it's passed
with the subject. You can do that with:
$ openssl verify -verbose -CAfile \
<(cat ca1-ca.cert.pem ca2-xc-by-ca1.cert.pem) \
ca2-svc-db.cert.pem
ca2-svc-db.cert.pem: OK
Note that the same leaf and root without the intermediate should fail:
$ openssl verify -verbose -CAfile ca1-ca.cert.pem ca2-svc-db.cert.pem
ca2-svc-db.cert.pem: CN = db
error 20 at 0 depth lookup:unable to get local issuer certificate
NOTE: THIS IS A QUIRK OF OPENSSL; in Connect we distribute the roots alone
and stable intermediates like the XC cert to the _leaf_.
Source Files
¶
Click to show internal directories.
Click to hide internal directories.