Alex Zgabur
Alex Zgabur
That is interesting behavior of used libraries. For example _openssl_ reacts this way: ``` $ openssl s_client -connect example.com:443 --CAfile example.pem ... --- SSL handshake has read 3772 bytes and...
If you wish to keep this behavior I would change "docs/cmdline-opts/cacert.d" like this: ``` Tells curl to use the specified certificate file to verify the peer. The file may contain...
If I understand the openssl flag `X509_V_FLAG_PARTIAL_CHAIN` correctly, it changes behavior where just intermediate CA certificates signature are enough to pass verification if in trust store. But if there is...
I will be asking ServiceMesh and Graphana dev/qe team to see if they test the dashboards other way than just by manual testing. Will come back to this.
Openshifts Metrics/Targets can be accessed trough Openshift bundled Prometeus API, I did not try it yet but it should be possible.
I found simpler way to reproduce this with just one ManagedZone. 1. Create Gateway and HttpPolicy to have same hostname (no wildcards) 2. Create DNSPolicy 3. Edit Gateway listener to...
Yes I can confirm the managed zone removal did not fix this bug.
> or we actually restrict these via the CRD to prevent non-valid codes (and I guess document as well) This + documentation 👍
As we discussed, checking if the communication between pods is really encrypted is out of scope for our testing. We will believe Istio system is implemented correctly and just check...
In Openshift that would require exposing some authorino/limitador `service` via `route` object as there is no other way to access internal cluster IP from outside of cluster for the check....