github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fix panic in `injectSANMatcher` when `tlsContext` is `nil` (#17185)

pull/17191/head
Eric Haberkorn 2 years ago committed by GitHub
parent
e4a341c88a
commit
2c0da88ce7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      .changelog/17185.txt
  2. 4
      agent/xds/clusters.go

3
.changelog/17185.txt
Unescape View File

@ -0,0 +1,3 @@
```release-note:bug
xds: Fix possible panic that can when generating clusters before the root certificates have been fetched.
```

4
agent/xds/clusters.go
Unescape View File

@ -1427,6 +1427,10 @@ func (s *ResourceGenerator) makeExportedUpstreamClustersForMeshGateway(cfgSnap *
// injectSANMatcher updates a TLS context so that it verifies the upstream SAN.
func injectSANMatcher(tlsContext *envoy_tls_v3.CommonTlsContext, matchStrings ...string) error {
if tlsContext == nil {
return fmt.Errorf("invalid type: expected CommonTlsContext_ValidationContext not to be nil")
}
validationCtx, ok := tlsContext.ValidationContextType.(*envoy_tls_v3.CommonTlsContext_ValidationContext)
if !ok {
return fmt.Errorf("invalid type: expected CommonTlsContext_ValidationContext, got %T",

Write Preview
Loading…
Cancel
Save