Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Elliptic Curve Digital Signature Algorithm (ECDSA) signed certificates #4607

Merged
merged 5 commits into from
Jul 12, 2021
Merged

Add support for Elliptic Curve Digital Signature Algorithm (ECDSA) signed certificates #4607

merged 5 commits into from
Jul 12, 2021

Conversation

barkbay
Copy link
Contributor

@barkbay barkbay commented Jul 5, 2021
edited
Loading

This PR adds support for the ECDSA signature algorithm.

This enhancement is compatible with the support of a custom CA for HTTP and transport layer.

I'll try to add an e2e test but I'm opening this PR to allow a first review of the design/implementation, which is mostly about replacing *rsa.PrivateKey with the crypto.Signer interface.

Fix #4581

@barkbay barkbay added >enhancement Enhancement of existing functionality v1.7.0 labels Jul 5, 2021
@barkbay
Copy link
Contributor Author

barkbay commented Jul 5, 2021

jenkins test this please

pebrc
pebrc approved these changes Jul 5, 2021
View reviewed changes
Copy link
Collaborator

@pebrc pebrc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The change looks good. 👍 on an e2e test. I ran into the issue that the first curve I tried, secp256k1, was not supported. I believe Elasticsearch claims support for all curves mentioned in rfc5480 and rfc5915 (secp256k1 is not in those rfcs). But I could not find information on which curves are supported in Go.

@barkbay
Copy link
Contributor Author

barkbay commented Jul 8, 2021

jenkins test this please

thbkrkr
thbkrkr approved these changes Jul 9, 2021
View reviewed changes
Copy link
Contributor

@thbkrkr thbkrkr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work, LGTM.

pkg/controller/common/certificates/pem.go Outdated Show resolved Hide resolved
pkg/controller/common/certificates/pem.go Show resolved Hide resolved
pkg/controller/common/certificates/pem.go Outdated Show resolved Hide resolved
@barkbay barkbay merged commit e7022fd into elastic:master Jul 12, 2021
@barkbay barkbay changed the title Add ecdsa support Add support for Elliptic Curve Digital Signature Algorithm (ECDSA) signed certificates Jul 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thbkrkr thbkrkr thbkrkr approved these changes

@pebrc pebrc pebrc approved these changes

Assignees
No one assigned
Labels
>enhancement Enhancement of existing functionality v1.7.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ECK does not support TLS with ECDSA
3 participants
@barkbay @thbkrkr @pebrc