Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for ssl peer fingerprint #136

Merged
merged 3 commits into from
Jul 17, 2024

Conversation

bazsi
Copy link
Member

@bazsi bazsi commented Jun 2, 2024

This resolves syslog-ng/syslog-ng#4978

@bazsi bazsi force-pushed the add-support-for-ssl-peer-fingerprint branch from 39e4122 to 5de78b1 Compare June 7, 2024 14:03
lib/transport/tls-session.c Outdated Show resolved Hide resolved
Signed-off-by: Balazs Scheidler <[email protected]>
…erprint

If trusted-keys() is used, the certificate fingerprint is added added
to ${.tls.x509_fp} with the same algorithm that was used to validate
trusted-keys, which is SHA1 at the moment (unfortunately, but that's
a separate PR.

Signed-off-by: Balazs Scheidler <[email protected]>
@bazsi bazsi force-pushed the add-support-for-ssl-peer-fingerprint branch 2 times, most recently from bcbee05 to fc94e9f Compare July 16, 2024 07:57
Signed-off-by: Balazs Scheidler <[email protected]>
@bazsi
Copy link
Member Author

bazsi commented Jul 16, 2024

I've dropped the change in trusted-keys() validation, as we agreed with @MrAnno that it should be introduced with a new option (trusted-fingerprints() or something like that).

By dropping this patch, this PR became very simple, if there's trusted-keys() based validation in a config, the key fingerprint is saved into ${.tls.x509_fp} along with the CA and similar parameters.

With that this is mergable.

@bazsi bazsi requested a review from MrAnno July 17, 2024 09:47
@MrAnno MrAnno merged commit a160aaa into axoflow:main Jul 17, 2024
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add macro for certificate fingerprint
2 participants