Documentation/op-guide: clarify security.md on TLS auth #9140

gyuho · 2018-01-12T22:56:12Z

Make it more accurate (just as pkg/transport/listener_tls.go does).

Make it more accurate (just as pkg/transport/listener_tls.go does). Signed-off-by: Gyuho Lee <gyuhox@gmail.com>

fanminshi · 2018-01-12T23:01:03Z

Documentation/op-guide/security.md

  "hosts": [
    "b.com"
  ],
-  ...
-}
 ```

 when peer B's remote IP address is `10.138.0.2`. When peer B tries to join the cluster, peer A looks up the incoming host `b.com` to get the list of IP addresses (e.g. `dig b.com`). And rejects B if the list does not contain the IP `10.138.0.2`, with the error `tls: 10.138.0.2 does not match any of DNSNames ["b.com"]`.


do you know why the diff show up as red?

Seems like github markdown issue. If you look at the file with view button, it looks correct :0

fanminshi · 2018-01-12T23:20:41Z

lgtm

Documentation/op-guide: clarify security.md on TLS auth

eeb4d35

Make it more accurate (just as pkg/transport/listener_tls.go does). Signed-off-by: Gyuho Lee <gyuhox@gmail.com>

gyuho requested review from xiang90 and fanminshi January 12, 2018 22:56

fanminshi reviewed Jan 12, 2018

View reviewed changes

gyuho merged commit 7a8c192 into etcd-io:master Jan 12, 2018

gyuho deleted the tls-doc branch January 12, 2018 23:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Documentation/op-guide: clarify security.md on TLS auth #9140

Documentation/op-guide: clarify security.md on TLS auth #9140

gyuho commented Jan 12, 2018

fanminshi Jan 12, 2018

gyuho Jan 12, 2018

fanminshi commented Jan 12, 2018

Documentation/op-guide: clarify security.md on TLS auth #9140

Documentation/op-guide: clarify security.md on TLS auth #9140

Conversation

gyuho commented Jan 12, 2018

fanminshi Jan 12, 2018

Choose a reason for hiding this comment

gyuho Jan 12, 2018

Choose a reason for hiding this comment

fanminshi commented Jan 12, 2018