authorMorten Tokle <mortent@verizonmedia.com>2019-10-08 14:32:44 +0200
committerMorten Tokle <mortent@verizonmedia.com>2019-10-08 14:32:44 +0200
commitf25cd9e43d79e96f7b2168c7a5142279371d616a (patch)
tree87818c55fe55c6843c08f7c35e5f54a7bbf6d9da /node-admin/src
parent1be5a1edc8d308a6be8c4b43a72ce395fec04359 (diff)
Refresh certs using hostnameVerifier
Diffstat (limited to 'node-admin/src')
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java6
1 files changed, 5 insertions, 1 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index 058317ffd25..bd7732db1d6 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -191,7 +191,11 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
.withTrustStore(trustStorePath, KeyStoreType.JKS)
.build();
try {
- try (ZtsClient ztsClient = new DefaultZtsClient(ztsEndpoint, containerIdentitySslContext)) {
+ // Set up a hostname verified for zts if this is configured to use the config server (internal zts) apis
+ HostnameVerifier ztsHostNameVerifier = useInternalZts
+ ? new AthenzIdentityVerifier(singleton(configserverIdentity))
+ : null;
+ try (ZtsClient ztsClient = new DefaultZtsClient(ztsEndpoint, containerIdentitySslContext, ztsHostNameVerifier)) {
InstanceIdentity instanceIdentity =
ztsClient.refreshInstance(
configserverIdentity,
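Review bot: The `null` passed as the third argument to `new DefaultZtsClient(...)` when `useInternalZts` is false makes peer verification on the refresh call depend on how `DefaultZtsClient` treats a null verifier, and that is not visible in this hunk. If null means "keep the standard HTTPS hostname check", the comment should say so, e.g. `// null: DefaultZtsClient keeps its default hostname verification (external ZTS)`; if that is not guaranteed, pass an explicit verifier. In the internal case the `AthenzIdentityVerifier` presumably accepts the peer by certificate identity rather than by hostname, so it is worth noting in the same comment that `configserverIdentity` is the only identity trusted here. The comment also reads "hostname verified" where "hostname verifier" is meant. The enclosing method begins and ends outside the hunk, so whether other ZTS calls in this class (for example initial registration) need the same verifier cannot be judged from here.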