Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upGitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
Add KeyUsage, ExtendedKeyUsage, CipherSuite & Protocol to SSL diagnostics #63784
Comments
|
Pinging @elastic/es-security (:Security/Network) |
|
I'd like to start contributing to this issue. |
|
Hi, @tvernum . I'd like to work on this issue. Can you please provide a general format for how you want the 4 new strings to appear? |
|
@AGZain , @Moe82 you'll need to coordinate between yourselves as to who is looking at this. The class that needs to change is SslDiagnostics but I haven't looked at this in enough detail to know exactly how we should represent these value, or where we should slot them in. |
|
I assumed the other user was no longer interested. @AGZain , let me know if you still want to work on it. |
|
Ok, seems like AGZain is no longer interested. I'll pick it up. |
|
Hi @Moe82, are you working on this? |
|
hi @sindhusp , not at the moment. Was planning on resuming mid December after my school semester ends. But feel free to work on it. If you can't figure it out by then, please let me know. |
|
@tvernum Can you please review my PR for this issue? |
Per https://discuss.elastic.co/t/ldaps-and-chain-of-certificates/250724 it's possible to get an SSL failure & diagnostic when the cipher requires certain key usage that is not permitted by the certificate.
To assist in such diagnostics, it would be of assistance to print out the ceritficate's KeyUsage and the session's Cipher suite in the message.
While we're doing that, the cert's ExtendedKeyUsage and session Protocol are probably worth including as well.