kubernetes-client/csharp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated CertificateValidationCallBack to build the CaCert bundle with respect to the rootChain certs to verify that they are correct. (#860)

Browse Source 
* Updated CertificateValidationCallBack to build the CaCert bundle with respect to the rootChain certs to verify that they are correct.

* Added a test cases and assets for when all the certs files are in the same file.

* Removed the hardcoded first cert as the chosen root cert
This commit is contained in:
KLazarov
2022-05-24 05:07:10 +02:00
committed by GitHub
parent d8e2236611
commit 877587e898
4 changed files with 140 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/KubernetesClient/Kubernetes.ConfigInit.cs
View File

@@ -203,13 +203,11 @@ namespace k8s
var isTrusted = false;
var rootCert = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
// Make sure that one of our trusted certs exists in the chain provided by the server.
//
foreach (var cert in caCerts)
{
if (rootCert.RawData.SequenceEqual(cert.RawData))
if (chain.Build(cert))
{
isTrusted = true;
break;