Merge pull request #1114 from enj/enj/i/fips_init_log

Use klog to make sure FIPS init log is emitted
Mo Khan 2022-04-12 16:23:38 -04:00 committed by GitHub
commit 6af1aaeb20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 3 deletions


@ -18,8 +18,7 @@ import (
_ "crypto/tls/fipsonly" // restricts all TLS configuration to FIPS-approved settings.
"k8s.io/apiserver/pkg/server/options"
"go.pinniped.dev/internal/plog"
"k8s.io/klog/v2"
)
// Always use TLS 1.2 for FIPs
@ -27,7 +26,11 @@ const secureServingOptionsMinTLSVersion = "VersionTLS12"
const SecureTLSConfigMinTLSVersion = tls.VersionTLS12
func init() {
plog.Debug("using boring crypto in fips only mode", "go version", runtime.Version())
// this init runs before we have parsed our config to determine our log level
// thus we must use a log statement that will always print instead of conditionally print
// for plog, that is only error and warning logs, neither of which seem appropriate here
// therefore, just use klog directly with no V level requirement
klog.InfoS("using boring crypto in fips only mode", "go version", runtime.Version())
}
func Default(rootCAs *x509.CertPool) *tls.Config {
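Review bot: The structured key `"go version"` passed to the new `klog.InfoS` call in `init()` contains a space, so in klog's text output the pair is rendered as `go version="…"` and cannot be split cleanly by key=value parsers. This line is what an operator or auditor would search for to confirm the binary started in FIPS-only mode, so it is worth keeping machine-parseable: `klog.InfoS("using boring crypto in fips only mode", "goVersion", runtime.Version())`. Because the call runs before any logging configuration is parsed, it will presumably be written in klog's default format and destination whatever is configured later. Adding one sentence to the new comment block saying so would help anyone who builds a startup check on this message.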