feat: changing condition of ecdsa maximum support from p-256 to p-521

Nicopfy · Nicopfy · commit 985100c16aef · 2025-06-16T12:13:38.000+02:00
diff --git a/pkg/envoy/ingress_translator.go b/pkg/envoy/ingress_translator.go
@@ -353,8 +353,8 @@ func validateTlsSecret(secret *v1.Secret) (bool, error) {
 		if !ok {
 			return false, fmt.Errorf("error in *ecdsa.PublicKey type assertion")
 		}
-		if ecdsaPub.Curve.Params().BitSize > 256 {
-			logrus.Infof("skipping ECDSA %s certificate %s/%s: only P-256 certificates are supported", ecdsaPub.Curve.Params().Name, secret.Namespace, secret.Name)
+		if ecdsaPub.Curve.Params().BitSize > 521 {
+			logrus.Infof("skipping ECDSA %s certificate %s/%s: only P-256, P-384 and P-521 certificates are supported", ecdsaPub.Curve.Params().Name, secret.Namespace, secret.Name)
 			return false, nil
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -353,8 +353,8 @@ func validateTlsSecret(secret *v1.Secret) (bool, error) {`
`353`	`353`	`if !ok {`
`354`	`354`	`return false, fmt.Errorf("error in *ecdsa.PublicKey type assertion")`
`355`	`355`	`}`
`356`		`- if ecdsaPub.Curve.Params().BitSize > 256 {`
`357`		`- logrus.Infof("skipping ECDSA %s certificate %s/%s: only P-256 certificates are supported", ecdsaPub.Curve.Params().Name, secret.Namespace, secret.Name)`
	`356`	`+ if ecdsaPub.Curve.Params().BitSize > 521 {`
	`357`	`+ logrus.Infof("skipping ECDSA %s certificate %s/%s: only P-256, P-384 and P-521 certificates are supported", ecdsaPub.Curve.Params().Name, secret.Namespace, secret.Name)`
`358`	`358`	`return false, nil`
`359`	`359`	`}`
`360`	`360`	`}`