author | Morten Tokle <mortent@verizonmedia.com> | 2019-10-08 14:32:44 +0200 |
---|---|---|
committer | Morten Tokle <mortent@verizonmedia.com> | 2019-10-08 14:32:44 +0200 |
commit | f25cd9e43d79e96f7b2168c7a5142279371d616a (patch) | |
tree | 87818c55fe55c6843c08f7c35e5f54a7bbf6d9da /node-admin | |
parent | 1be5a1edc8d308a6be8c4b43a72ce395fec04359 (diff) |
Refresh certs using hostnameVerifier
Diffstat (limited to 'node-admin')
-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index 058317ffd25..bd7732db1d6 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -191,7 +191,11 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 .withTrustStore(trustStorePath, KeyStoreType.JKS)
 .build();
 try {
- try (ZtsClient ztsClient = new DefaultZtsClient(ztsEndpoint, containerIdentitySslContext)) {
+ // Set up a hostname verified for zts if this is configured to use the config server (internal zts) apis
+ HostnameVerifier ztsHostNameVerifier = useInternalZts
+ ? new AthenzIdentityVerifier(singleton(configserverIdentity))
+ : null;
+ try (ZtsClient ztsClient = new DefaultZtsClient(ztsEndpoint, containerIdentitySslContext, ztsHostNameVerifier)) {
 InstanceIdentity instanceIdentity = ztsClient.refreshInstance(
 configserverIdentity, |