Tero Saarni

Results 119 comments of Tero Saarni

Cool stuff :) I'm just a random person passing by here in this GitHub issue but I wonder if I dare to "advertise" that I too created a library, though this...

Hi @Hakky54! I saw your PR where you also try to push the hot-reload issue forward, thanks! Even though I did not comment anything there in your PR, I have...

Hi @Hakky54, > It seems like your library solves the ssl reloading completely differently than my approach, really awesome to see how we both try to solve the same problem...

Returning to: > but how are you going to reload the ssl if someone gets the keys or certificates from an inputstream or as a pem string from a database,...

I have wondered that don't the solutions which are based on swapping delegate `X509ExtendedKeyManager` fail occasionally, because the swap can happen between calls to `getPrivateKey()` and `getCertificateChain()`, causing them to...

Having your own KeyManager can of course be justified by many reasons! I just think that many reloading ones may share this problem without realizing that the swap can happen between those...

Using an IP address as the subject for a certificate is problematic in Kubernetes since pod IPs are ephemeral. Consider an example: 1. Pod A is created and it gets assigned address...

Is https://spiffe.io/docs/latest/microservices/envoy/ targeting the service mesh use case, where each service is co-located with their own "sidecar" instance of Envoy? Each service gets only a single workload identity and therefore the...

Hi @Ozarklake! Envoy provides means to configure OCSP response to return to the client that requests it, but it does not seem to request it from OCSP responder by making...