fix(dgw): ensure the hostname matches TLS certificate #648

Merged
merged 1 commit into from
Jan 16, 2024

Conversation

CBenoit
Member

@CBenoit CBenoit commented Jan 16, 2024

Warning logs are ignored at this point (logger not yet initialized), so it doesn’t really help. Since specifying a hostname not matching the TLS subject name is a configuration error, we now return an error upon loading the configuration.

@CBenoit CBenoit requested a review from a team January 16, 2024 16:03
Warning logs are ignored at this point (logger not yet initialized),
so it doesn’t really help. Since specifying a hostname not matching the
TLS subject name is a configuration error, we now return an error upon
loading the configuration. Log warnings are ignored at this point, so it
doesn’t really help.
@CBenoit CBenoit enabled auto-merge (squash) January 16, 2024 16:04
@CBenoit CBenoit merged commit 6ebee46 into master Jan 16, 2024
16 checks passed
@CBenoit CBenoit deleted the fix-warning-wildcard-cert branch January 16, 2024 16:19
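
A sketch of the kind of load-time check the description refers to, as an added example that is not Devolutions Gateway code: it rejects a configured hostname that no certificate name covers instead of logging a warning. The function names and sample names are hypothetical, and the wildcard rule used (a `*.` prefix stands for exactly one left-most label) is the common convention, assumed here rather than taken from the project.

```rust
// Added illustration, not the project's code. All names are hypothetical.

/// Returns true when `hostname` is covered by one certificate name
/// (a subject CN or DNS SAN entry), compared case-insensitively.
fn name_matches(cert_name: &str, hostname: &str) -> bool {
    // Ignore a trailing root dot and ASCII case on both sides.
    let cert_name = cert_name.trim_end_matches('.').to_ascii_lowercase();
    let hostname = hostname.trim_end_matches('.').to_ascii_lowercase();

    match cert_name.strip_prefix("*.") {
        // Wildcard: stands for exactly one non-empty left-most label.
        Some(suffix) => match hostname.split_once('.') {
            Some((first_label, rest)) => {
                !first_label.is_empty() && !suffix.is_empty() && rest == suffix
            }
            None => false,
        },
        // No wildcard: the names must be identical.
        None => cert_name == hostname,
    }
}

/// Configuration-time check: a mismatch is returned as an error so that
/// loading fails, rather than emitted as a warning nobody will see.
fn validate_hostname(hostname: &str, cert_names: &[&str]) -> Result<(), String> {
    if cert_names.iter().any(|name| name_matches(name, hostname)) {
        Ok(())
    } else {
        Err(format!(
            "hostname `{hostname}` does not match any certificate name {cert_names:?}"
        ))
    }
}

fn main() {
    // Constructed sample names, not taken from any real deployment.
    let cert_names = ["*.example.com", "gateway.example.net"];
    let hosts = ["dgw.example.com", "a.b.example.com", "example.com", "GATEWAY.example.net"];
    for host in hosts {
        match validate_hostname(host, &cert_names) {
            Ok(()) => println!("{host}: ok"),
            Err(e) => println!("{host}: configuration error: {e}"),
        }
    }
}
```
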
irvingoujAtDevolution added a commit that referenced this pull request Jan 19, 2024
commit 40ed44f8de79a659eab685d54fc6fbe3f465b5e9
Author: irving ou <jou@devolutions.net>
Date:   Fri Jan 19 14:39:10 2024 -0500

    rebase on refactored socket

commit d7d10b47fc6006dbb8c962f048b7d3c276c20fe7
Author: irving ou <jou@devolutions.net>
Date:   Thu Jan 11 10:55:10 2024 -0500

    Support ip broadcasting with sync/async stream

    formatter and dependency

    check point

    check point

    get network interface

    Support ip broadcasting with sync/async stream

    review fix

    review fix

    review fixes and rebase

    remove unused code

    remove unused code

    ci

    review update

commit cd59c10
Author: irving ou <jou@devolutions.net>
Date:   Fri Jan 19 14:07:47 2024 -0500

    add unregister

commit c95f3a4
Author: irving ou <jou@devolutions.net>
Date:   Fri Jan 19 12:56:28 2024 -0500

    Add Udp/Tcp method and examples

commit 6ff3cb5
Author: irving ou <jou@devolutions.net>
Date:   Thu Jan 18 17:03:07 2024 -0500

    readability

commit 0289a15
Author: irving ou <jou@devolutions.net>
Date:   Thu Jan 18 17:02:19 2024 -0500

    CI

commit ba584de
Author: irving ou <jou@devolutions.net>
Date:   Thu Jan 18 17:00:42 2024 -0500

    Update async_raw_socket.rs

commit 08842ca
Author: irving ou <jou@devolutions.net>
Date:   Thu Jan 18 16:52:29 2024 -0500

    ci

commit 5aa3329
Author: irving ou <jou@devolutions.net>
Date:   Thu Jan 18 15:07:21 2024 -0500

    Review Fixes and refactoring

commit 28e9f32
Author: irving ou <jou@devolutions.net>
Date:   Wed Jan 17 21:59:46 2024 -0500

    Experimental

commit 6d96dfa
Author: irving ou <jou@devolutions.net>
Date:   Wed Jan 17 21:59:37 2024 -0500

    Experimental

commit df91726
Author: Benoît Cortier <bcortier@proton.me>
Date:   Wed Jan 17 13:28:37 2024 +0900

    refactor(dgw): rename UsersPath option to UsersFile (#652)

    Not a breaking change, because the option is not yet released.

commit 6c6509c
Author: Benoît Cortier <bcortier@proton.me>
Date:   Wed Jan 17 12:28:38 2024 +0900

    feat(dgw): store users list in a users.txt file (#651)

    Each line holds a user with the format `<user>:<hash>`.

    This changes the `Users` option into `UsersPath` for specifying a path to a users.txt file.
    By default, the path is `%ProgrameData%/Devolutions/Gateway/users.txt`.

    For each line such as `<user>:<hash>`:

    * `<user>`: The name of the user.
    * `<hash>`: Hash of the password in the PHC string format.

    Blank lines and lines starting with `#` are ignored.

    Issue: DGW-127

commit f3f6773
Author: Richard Markiewicz <rmarkiewicz@devolutions.net>
Date:   Tue Jan 16 21:23:49 2024 -0500

    ci: build managed installer in workflows (#650)

commit 2dadabd
Author: Benoît Cortier <bcortier@proton.me>
Date:   Wed Jan 17 01:25:41 2024 +0900

    fix(dgw): validate maximum lifetime for webapp token (#649)

    An oversight in the endpoint for signing webapp token was discovered.
    The configured maximum lifetime wasn’t properly enforced. Fortunately,
    this bug was discovered by our security team before the feature was
    released and delivered.
    As such, there is no need to create a security advisory.

commit 6ebee46
Author: Benoît Cortier <bcortier@proton.me>
Date:   Wed Jan 17 01:19:01 2024 +0900

    fix(dgw): ensure the hostname matches TLS certificate (#648)

    Warning logs are ignored at this point (logger not yet initialized),
    so it doesn’t really help. Since specifying a hostname not matching the
    TLS subject name is a configuration error, we now return an error upon
    loading the configuration. Log warnings are ignored at this point, so it
    doesn’t really help.

commit b2244a9
Author: Benoît Cortier <bcortier@proton.me>
Date:   Wed Jan 17 00:57:59 2024 +0900

    fix(dgw): spurious warning when using a wildcard certificate (#647)

commit 1ee1920
Author: Richard Markiewicz <rmarkiewicz@devolutions.net>
Date:   Tue Jan 16 02:17:42 2024 -0500

    ci: add standalone web ui to CI builds (#646)

commit b5efdee
Author: Krista House <khouse@devolutions.net>
Date:   Tue Jan 16 02:02:24 2024 -0500

    feat(dgw): initial web application UI for standalone mode (#641)

commit 9cf1a26
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Jan 15 22:13:34 2024 -0500

    build(deps): bump the http group with 3 updates (#643)

    Bumps the http group with 3 updates: [axum](https://github.com/tokio-rs/axum), [axum-extra](https://github.com/tokio-rs/axum) and [tower-http](https://github.com/tower-rs/tower-http).

    Updates `axum` from 0.7.3 to 0.7.4
    - [Release notes](https://github.com/tokio-rs/axum/releases)
    - [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
    - [Commits](tokio-rs/axum@axum-v0.7.3...axum-v0.7.4)

    Updates `axum-extra` from 0.9.1 to 0.9.2
    - [Release notes](https://github.com/tokio-rs/axum/releases)
    - [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
    - [Commits](tokio-rs/axum@axum-extra-v0.9.1...axum-extra-v0.9.2)

    Updates `tower-http` from 0.5.0 to 0.5.1
    - [Release notes](https://github.com/tower-rs/tower-http/releases)
    - [Commits](tower-rs/tower-http@tower-http-0.5.0...tower-http-0.5.1)

    ---
    updated-dependencies:
    - dependency-name: axum
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: http
    - dependency-name: axum-extra
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: http
    - dependency-name: tower-http
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: http
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 6ae7fcf
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Jan 15 21:39:55 2024 -0500

    build(deps): bump utoipa from 4.1.0 to 4.2.0 (#645)

    Bumps [utoipa](https://github.com/juhaku/utoipa) from 4.1.0 to 4.2.0.
    - [Release notes](https://github.com/juhaku/utoipa/releases)
    - [Commits](juhaku/utoipa@utoipa-4.1.0...utoipa-4.2.0)

    ---
    updated-dependencies:
    - dependency-name: utoipa
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 26f77f1
Author: Richard Markiewicz <rmarkiewicz@devolutions.net>
Date:   Mon Jan 15 21:31:49 2024 -0500

    feat(installer): add Windows system certificate support to managed installer (#640)

commit 1c98f62
Author: Marc-André Moreau <mamoreau@devolutions.net>
Date:   Mon Jan 15 16:39:07 2024 -0500

    add basic webapp configuration to PowerShell module

commit 6df790b
Author: Marc-André Moreau <marcandre.moreau@gmail.com>
Date:   Sun Jan 14 20:22:54 2024 -0500

    refactor(pwsh): switch from PemUtils to Picky (#639)

    Co-authored-by: Richard Markiewicz <rmarkiewicz@devolutions.net>

commit e7530e6
Author: irvingouj @ Devolutions <139169536+irvingoujAtDevolution@users.noreply.github.com>
Date:   Fri Jan 12 00:37:04 2024 -0500

    refactor(dgw): redesign network-scan-net crate (#635)

commit 99d1a0b
Author: Richard Markiewicz <rmarkiewicz@devolutions.net>
Date:   Thu Jan 11 20:42:19 2024 -0500

    feat(installer): new Windows installer built using WixSharp (#638)
irvingoujAtDevolution added a commit that referenced this pull request Jan 22, 2024
commit 8546da2
Author: irving ou <jou@devolutions.net>
Date:   Mon Jan 22 14:30:35 2024 -0500

    make queue capacity configurable

commit 8917673
Author: irving ou <jou@devolutions.net>
Date:   Mon Jan 22 14:17:31 2024 -0500

    update test, clippy and fmt

commit e8dba40
Author: irving ou <jou@devolutions.net>
Date:   Mon Jan 22 14:11:06 2024 -0500

    ci

commit e6139ea
Merge: d9d796d 2d0d4d4
Author: irving ou <jou@devolutions.net>
Date:   Mon Jan 22 14:08:46 2024 -0500

    Merge branch 'Network-Scan-Refractor-2' of https://github.com/Devolutions/devolutions-gateway into Network-Scan-Refractor-2

commit d9d796d
Author: irving ou <jou@devolutions.net>
Date:   Mon Jan 22 14:08:39 2024 -0500

    refactor and review fixes

commit 2d0d4d4
Author: irvingouj @ Devolutions <139169536+irvingoujAtDevolution@users.noreply.github.com>
Date:   Mon Jan 22 13:39:03 2024 -0500

    Update crates/network-scanner/src/ping.rs

    Co-authored-by: Benoît Cortier <bcortier@proton.me>

commit 373f87a
Author: irving ou <jou@devolutions.net>
Date:   Fri Jan 19 15:55:33 2024 -0500

    review updates

commit 47b904a
Author: irving ou <jou@devolutions.net>
Date:   Fri Jan 19 15:24:44 2024 -0500

    review fixes
