consul/sdk/freeport
Hans Hasselberg 804eb17094
connect: check if intermediate cert needs to be renewed. (#6835)
Currently when using the built-in CA provider for Connect, root certificates are valid for 10 years, however secondary DCs get intermediates that are valid for only 1 year. There is no mechanism currently short of rotating the root in the primary that will cause the secondary DCs to renew their intermediates.
This PR adds a check that renews the cert if it is half way through its validity period.

In order to be able to test these changes, a new configuration option was added: IntermediateCertTTL which is set extremely low in the tests.
2020-01-17 23:27:13 +01:00
..
ephemeral_fallback.go sdk: add freelist tracking and ephemeral port range skipping to freeport 2019-09-17 14:30:43 -05:00
ephemeral_linux.go change sysctl call to use absolute path 2019-11-15 14:28:13 -08:00
ephemeral_linux_test.go sdk: add freelist tracking and ephemeral port range skipping to freeport 2019-09-17 14:30:43 -05:00
freeport.go connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
freeport_test.go connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
systemlimit.go connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
systemlimit_windows.go connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00