Updated according to v2.4.0 #8
Conversation
|
Yes, for now, add a note saying to install OpenSSL. Soon OpenSSL should be removed from the tarball, as it is out of date, but for now, I think it'll remain using the library. Thanks for the PR! |
albertony
force-pushed
the
v_2_4_0_updates
branch
from
d283083
to
cdb5224
Compare
|
Done. |
|
Wait a minute.. Fingerprint file format is changed!? Just from reading the code it seems to me version 2.4.0 uses lines with the following format for the new SHA256 fingerprints: And GUI app will write this same format both to I will push an updated text soon, but please correct me if I'm wrong with my assumptions. |
albertony
force-pushed
the
v_2_4_0_updates
branch
from
cdb5224
to
661cf3f
Compare
|
Done, please take a look. |
|
OK, this looks good. We'll need some external testing of this documentation change though. I'll ask in the IRC. |
|
Sorry, but pushed another commit. Let me know if you would rather have this split into a separate pr.. But the changes are related, and dependent on the previous commit, so thats why I added them here... Main points:
|
|
I have now left the Barrier project due to organisational issues and now have joined a fork. This PR will need a different assignee and reviewer. Once the PR is merged, it should also be merged into the repository |
|
As a final review, your changes look good to me. I'm going to merge your PR into the fork's wiki as well as here, just because it's a good PR to have both ways - I imagine this PR will also be merged to Barrier's wiki too, but I can't merge it myself. |
From debauchee/barrier-wiki#8 PR. Thanks! Signed-off-by: Dom Rodriguez <[email protected]>
|
While you are at this, could you perhaps add command line instructions for Linux? The Linux instructions might look as follows: On the server, change the working directory to Copy the fingerprint to a barrier client: |
|
|
||
| To manually create the certificate and fingerprint similar to how the UI application does | ||
| it, you can follow the Windows example below. It creates them in the default location | ||
| `%LocalAppData%\Barrier\SSL`. If you have the are planning to keep the SSL files in a |
There was a problem hiding this comment.
| `%LocalAppData%\Barrier\SSL`. If you have the are planning to keep the SSL files in a | |
| `%LocalAppData%\Barrier\SSL`. If you are planning to keep the SSL files in a |
| custom location specified with command line argument `--profile-dir`, you must change | ||
| the paths in the example accordingly. It also requires an OpenSSL installation, | ||
| e.g installer from [http://slproweb.com/products/Win32OpenSSL.html] installed into | ||
| default location `C:\Program Files\OpenSSL-Win64`. | ||
|
|
||
| ``` |
There was a problem hiding this comment.
Can we use the console style here? It'd make the examples much more readable :)
|
For reference, the full generate key + extract fingerprint from it workflow in bash is something like this: openssl req -new -x509 -subj /CN=Barrier -days 365 -nodes -out Barrier.pem -keyout Barrier.pem # Yes, into the same file
echo 'v2:sha256:'$(openssl x509 -in Barrier.pem -nocert -sha256 -fingerprint | cut -f 2 -d ' ' | cut -f 2 -d '=' | tr -d ':' | tr '[:upper:]' '[:lower:]'At least, with OpenSSL 1.1.1l |
From debauchee/barrier-wiki#8 PR. Thanks! Signed-off-by: Dom Rodriguez <[email protected]>
Quick update of some outdated descriptions since release of v2.4.0.
Remaining:
The description for manual creation of SSL/TLS Configuration will not work anymore. I see that the gui now uses library directly instead of executing openssl to generate cert. Openssl command-line utility is still included, but from what I can see barrier.conf is not. To generate cert openssl requires a config file.