fix(dgw): ensure the hostname matches TLS certificate #648
Merged
Warning logs are ignored at this point (logger not yet initialized), so it doesn’t really help. Since specifying a hostname not matching the TLS subject name is a configuration error, we now return an error upon loading the configuration. Log warnings are ignored at this point, so it doesn’t really help.
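A sketch of the fail-fast check described above, as an added example that is not the Gateway's own code: the configured hostname is compared with the DNS names taken from the certificate, a wildcard name covers one leftmost label, and a mismatch comes back as an error from configuration loading. The function names and sample names are assumptions, and certificate parsing is left out.

```rust
// Added example, not Devolutions Gateway code. `cert_names` stands for the DNS
// names already extracted from the certificate (assumption: parsing is done elsewhere).

/// Case-insensitive comparison. `*` is honoured only as the whole leftmost
/// label and covers exactly one label: `*.example.com` matches
/// `gw.example.com`, but neither `example.com` nor `a.b.example.com`.
pub fn name_matches(hostname: &str, cert_name: &str) -> bool {
    let host = hostname.trim_end_matches('.').to_ascii_lowercase();
    let name = cert_name.trim_end_matches('.').to_ascii_lowercase();
    if host.is_empty() || name.is_empty() {
        return false;
    }
    match name.strip_prefix("*.") {
        Some(suffix) => match host.split_once('.') {
            Some((first, rest)) => !first.is_empty() && rest == suffix,
            None => false,
        },
        None => host == name,
    }
}

/// Runs while the configuration is loaded, before the logger exists, so a
/// mismatch is returned as an error instead of being logged as a warning.
pub fn ensure_hostname_matches(hostname: &str, cert_names: &[&str]) -> Result<(), String> {
    if cert_names.iter().any(|name| name_matches(hostname, name)) {
        return Ok(());
    }
    Err(format!(
        "hostname `{}` does not match any name in the TLS certificate {:?}",
        hostname, cert_names
    ))
}

fn main() {
    // Constructed sample names, not taken from a real deployment.
    let names = ["*.example.com", "example.com"];
    for host in ["gw.example.com", "example.com", "a.b.example.com", "gw.example.org"] {
        match ensure_hostname_matches(host, &names) {
            Ok(()) => println!("{}: ok", host),
            Err(e) => println!("configuration error: {}", e),
        }
    }
}
```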
CBenoit force-pushed the fix-warning-wildcard-cert branch from ebeceba to fd1521f on January 16, 2024 16:04
thenextman approved these changes Jan 16, 2024
irvingoujAtDevolution added a commit that referenced this pull request Jan 19, 2024
commit 40ed44f8de79a659eab685d54fc6fbe3f465b5e9
Author: irving ou <jou@devolutions.net>
Date: Fri Jan 19 14:39:10 2024 -0500

rebase on refractored socket

commit d7d10b47fc6006dbb8c962f048b7d3c276c20fe7
Author: irving ou <jou@devolutions.net>
Date: Thu Jan 11 10:55:10 2024 -0500

Support ip boardcasting with sync/async stream formatter and dependency check point check point get network interface Support ip boardcasting with sync/async stream review fix review fix review fixes and rebase remove unused code remove unused code ci review update

commit cd59c10
Author: irving ou <jou@devolutions.net>
Date: Fri Jan 19 14:07:47 2024 -0500

add unregister

commit c95f3a4
Author: irving ou <jou@devolutions.net>
Date: Fri Jan 19 12:56:28 2024 -0500

Add Udp/Tcp method and examples

commit 6ff3cb5
Author: irving ou <jou@devolutions.net>
Date: Thu Jan 18 17:03:07 2024 -0500

readability

commit 0289a15
Author: irving ou <jou@devolutions.net>
Date: Thu Jan 18 17:02:19 2024 -0500

CI

commit ba584de
Author: irving ou <jou@devolutions.net>
Date: Thu Jan 18 17:00:42 2024 -0500

Update async_raw_socket.rs

commit 08842ca
Author: irving ou <jou@devolutions.net>
Date: Thu Jan 18 16:52:29 2024 -0500

ci

commit 5aa3329
Author: irving ou <jou@devolutions.net>
Date: Thu Jan 18 15:07:21 2024 -0500

Review Fixes and refractoring

commit 28e9f32
Author: irving ou <jou@devolutions.net>
Date: Wed Jan 17 21:59:46 2024 -0500

Experimental

commit 6d96dfa
Author: irving ou <jou@devolutions.net>
Date: Wed Jan 17 21:59:37 2024 -0500

Experimental

commit df91726
Author: Benoît Cortier <bcortier@proton.me>
Date: Wed Jan 17 13:28:37 2024 +0900

refactor(dgw): rename UsersPath option to UsersFile (#652)

Not a breaking change, because the option is not yet released.

commit 6c6509c
Author: Benoît Cortier <bcortier@proton.me>
Date: Wed Jan 17 12:28:38 2024 +0900

feat(dgw): store users list in a users.txt file (#651)

Each line holds a user with the format `<user>:<hash>`.

This changes the `Users` option into `UsersPath` for specifying a path to a users.txt file. By default, the path is `%ProgrameData%/Devolutions/Gateway/users.txt`.

For each line such as `<user>:<hash>`:
* `<user>`: The name of the user.
* `<hash>`: Hash of the password in the PHC string format.

Blank lines and lines starting by `#` are ignored.

Issue: DGW-127

commit f3f6773
Author: Richard Markiewicz <rmarkiewicz@devolutions.net>
Date: Tue Jan 16 21:23:49 2024 -0500

ci: build managed installer in workflows (#650)

commit 2dadabd
Author: Benoît Cortier <bcortier@proton.me>
Date: Wed Jan 17 01:25:41 2024 +0900

fix(dgw): validate maximum lifetime for webapp token (#649)

An oversight in the endpoint for signing webapp token was discovered. The configured maximum lifetime wasn’t properly enforced. Fortunately, this bug was discovered by our security team before the feature was released and delivered. As such, there is no need to create a security advisory.

commit 6ebee46
Author: Benoît Cortier <bcortier@proton.me>
Date: Wed Jan 17 01:19:01 2024 +0900

fix(dgw): ensure the hostname matches TLS certificate (#648)

Warning logs are ignored at this point (logger not yet initialized), so it doesn’t really help. Since specifying a hostname not matching the TLS subject name is a configuration error, we now return an error upon loading the configuration. Log warnings are ignored at this point, so it doesn’t really help.

commit b2244a9
Author: Benoît Cortier <bcortier@proton.me>
Date: Wed Jan 17 00:57:59 2024 +0900

fix(dgw): spurious warning when using a wildcard certificate (#647)

commit 1ee1920
Author: Richard Markiewicz <rmarkiewicz@devolutions.net>
Date: Tue Jan 16 02:17:42 2024 -0500

ci: add standalone web ui to CI builds (#646)

commit b5efdee
Author: Krista House <khouse@devolutions.net>
Date: Tue Jan 16 02:02:24 2024 -0500

feat(dgw): initial web application UI for standalone mode (#641)

commit 9cf1a26
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon Jan 15 22:13:34 2024 -0500

build(deps): bump the http group with 3 updates (#643)

Bumps the http group with 3 updates: [axum](https://github.com/tokio-rs/axum), [axum-extra](https://github.com/tokio-rs/axum) and [tower-http](https://github.com/tower-rs/tower-http).

Updates `axum` from 0.7.3 to 0.7.4
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](tokio-rs/axum@axum-v0.7.3...axum-v0.7.4)

Updates `axum-extra` from 0.9.1 to 0.9.2
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](tokio-rs/axum@axum-extra-v0.9.1...axum-extra-v0.9.2)

Updates `tower-http` from 0.5.0 to 0.5.1
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](tower-rs/tower-http@tower-http-0.5.0...tower-http-0.5.1)

---
updated-dependencies:
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: http
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: http
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: http
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 6ae7fcf
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon Jan 15 21:39:55 2024 -0500

build(deps): bump utoipa from 4.1.0 to 4.2.0 (#645)

Bumps [utoipa](https://github.com/juhaku/utoipa) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/juhaku/utoipa/releases)
- [Commits](juhaku/utoipa@utoipa-4.1.0...utoipa-4.2.0)

---
updated-dependencies:
- dependency-name: utoipa
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 26f77f1
Author: Richard Markiewicz <rmarkiewicz@devolutions.net>
Date: Mon Jan 15 21:31:49 2024 -0500

feat(installer): add Windows sytem certificate support to managed installer (#640)

commit 1c98f62
Author: Marc-André Moreau <mamoreau@devolutions.net>
Date: Mon Jan 15 16:39:07 2024 -0500

add basic webapp configuration to PowerShell module

commit 6df790b
Author: Marc-André Moreau <marcandre.moreau@gmail.com>
Date: Sun Jan 14 20:22:54 2024 -0500

refactor(pwsh): switch from PemUtils to Picky (#639)

Co-authored-by: Richard Markiewicz <rmarkiewicz@devolutions.net>

commit e7530e6
Author: irvingouj @ Devolutions <139169536+irvingoujAtDevolution@users.noreply.github.com>
Date: Fri Jan 12 00:37:04 2024 -0500

refactor(dgw): redesign network-scan-net crate (#635)

commit 99d1a0b
Author: Richard Markiewicz <rmarkiewicz@devolutions.net>
Date: Thu Jan 11 20:42:19 2024 -0500

feat(installer): new Windows installer built using WixSharp (#638)
irvingoujAtDevolution added a commit that referenced this pull request Jan 22, 2024
commit 8546da2
Author: irving ou <jou@devolutions.net>
Date: Mon Jan 22 14:30:35 2024 -0500

make queue capacity configurable

commit 8917673
Author: irving ou <jou@devolutions.net>
Date: Mon Jan 22 14:17:31 2024 -0500

update test, clippy and fmt

commit e8dba40
Author: irving ou <jou@devolutions.net>
Date: Mon Jan 22 14:11:06 2024 -0500

ci

commit e6139ea
Merge: d9d796d 2d0d4d4
Author: irving ou <jou@devolutions.net>
Date: Mon Jan 22 14:08:46 2024 -0500

Merge branch 'Network-Scan-Refractor-2' of https://github.com/Devolutions/devolutions-gateway into Network-Scan-Refractor-2

commit d9d796d
Author: irving ou <jou@devolutions.net>
Date: Mon Jan 22 14:08:39 2024 -0500

refractor and review fixes

commit 2d0d4d4
Author: irvingouj @ Devolutions <139169536+irvingoujAtDevolution@users.noreply.github.com>
Date: Mon Jan 22 13:39:03 2024 -0500

Update crates/network-scanner/src/ping.rs

Co-authored-by: Benoît Cortier <bcortier@proton.me>

commit 373f87a
Author: irving ou <jou@devolutions.net>
Date: Fri Jan 19 15:55:33 2024 -0500

review updates

commit 47b904a
Author: irving ou <jou@devolutions.net>
Date: Fri Jan 19 15:24:44 2024 -0500

review fixes

commit cd59c10
Author: irving ou <jou@devolutions.net>
Date: Fri Jan 19 14:07:47 2024 -0500

add unregister

commit c95f3a4
Author: irving ou <jou@devolutions.net>
Date: Fri Jan 19 12:56:28 2024 -0500

Add Udp/Tcp method and examples

commit 6ff3cb5
Author: irving ou <jou@devolutions.net>
Date: Thu Jan 18 17:03:07 2024 -0500

readability

commit 0289a15
Author: irving ou <jou@devolutions.net>
Date: Thu Jan 18 17:02:19 2024 -0500

CI

commit ba584de
Author: irving ou <jou@devolutions.net>
Date: Thu Jan 18 17:00:42 2024 -0500

Update async_raw_socket.rs

commit 08842ca
Author: irving ou <jou@devolutions.net>
Date: Thu Jan 18 16:52:29 2024 -0500

ci

commit 5aa3329
Author: irving ou <jou@devolutions.net>
Date: Thu Jan 18 15:07:21 2024 -0500

Review Fixes and refractoring

commit 28e9f32
Author: irving ou <jou@devolutions.net>
Date: Wed Jan 17 21:59:46 2024 -0500

Experimental

commit 6d96dfa
Author: irving ou <jou@devolutions.net>
Date: Wed Jan 17 21:59:37 2024 -0500

Experimental

commit df91726
Author: Benoît Cortier <bcortier@proton.me>
Date: Wed Jan 17 13:28:37 2024 +0900

refactor(dgw): rename UsersPath option to UsersFile (#652)

Not a breaking change, because the option is not yet released.

commit 6c6509c
Author: Benoît Cortier <bcortier@proton.me>
Date: Wed Jan 17 12:28:38 2024 +0900

feat(dgw): store users list in a users.txt file (#651)

Each line holds a user with the format `<user>:<hash>`.

This changes the `Users` option into `UsersPath` for specifying a path to a users.txt file. By default, the path is `%ProgrameData%/Devolutions/Gateway/users.txt`.

For each line such as `<user>:<hash>`:
* `<user>`: The name of the user.
* `<hash>`: Hash of the password in the PHC string format.

Blank lines and lines starting by `#` are ignored.

Issue: DGW-127

commit f3f6773
Author: Richard Markiewicz <rmarkiewicz@devolutions.net>
Date: Tue Jan 16 21:23:49 2024 -0500

ci: build managed installer in workflows (#650)

commit 2dadabd
Author: Benoît Cortier <bcortier@proton.me>
Date: Wed Jan 17 01:25:41 2024 +0900

fix(dgw): validate maximum lifetime for webapp token (#649)

An oversight in the endpoint for signing webapp token was discovered. The configured maximum lifetime wasn’t properly enforced. Fortunately, this bug was discovered by our security team before the feature was released and delivered. As such, there is no need to create a security advisory.

commit 6ebee46
Author: Benoît Cortier <bcortier@proton.me>
Date: Wed Jan 17 01:19:01 2024 +0900

fix(dgw): ensure the hostname matches TLS certificate (#648)

Warning logs are ignored at this point (logger not yet initialized), so it doesn’t really help. Since specifying a hostname not matching the TLS subject name is a configuration error, we now return an error upon loading the configuration. Log warnings are ignored at this point, so it doesn’t really help.

commit b2244a9
Author: Benoît Cortier <bcortier@proton.me>
Date: Wed Jan 17 00:57:59 2024 +0900

fix(dgw): spurious warning when using a wildcard certificate (#647)

commit 1ee1920
Author: Richard Markiewicz <rmarkiewicz@devolutions.net>
Date: Tue Jan 16 02:17:42 2024 -0500

ci: add standalone web ui to CI builds (#646)

commit b5efdee
Author: Krista House <khouse@devolutions.net>
Date: Tue Jan 16 02:02:24 2024 -0500

feat(dgw): initial web application UI for standalone mode (#641)

commit 9cf1a26
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon Jan 15 22:13:34 2024 -0500

build(deps): bump the http group with 3 updates (#643)

Bumps the http group with 3 updates: [axum](https://github.com/tokio-rs/axum), [axum-extra](https://github.com/tokio-rs/axum) and [tower-http](https://github.com/tower-rs/tower-http).

Updates `axum` from 0.7.3 to 0.7.4
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](tokio-rs/axum@axum-v0.7.3...axum-v0.7.4)

Updates `axum-extra` from 0.9.1 to 0.9.2
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](tokio-rs/axum@axum-extra-v0.9.1...axum-extra-v0.9.2)

Updates `tower-http` from 0.5.0 to 0.5.1
- [Release notes](https://github.com/tower-rs/tower-http/releases)
- [Commits](tower-rs/tower-http@tower-http-0.5.0...tower-http-0.5.1)

---
updated-dependencies:
- dependency-name: axum
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: http
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: http
- dependency-name: tower-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: http
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 6ae7fcf
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon Jan 15 21:39:55 2024 -0500

build(deps): bump utoipa from 4.1.0 to 4.2.0 (#645)

Bumps [utoipa](https://github.com/juhaku/utoipa) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/juhaku/utoipa/releases)
- [Commits](juhaku/utoipa@utoipa-4.1.0...utoipa-4.2.0)

---
updated-dependencies:
- dependency-name: utoipa
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 26f77f1
Author: Richard Markiewicz <rmarkiewicz@devolutions.net>
Date: Mon Jan 15 21:31:49 2024 -0500

feat(installer): add Windows sytem certificate support to managed installer (#640)

commit 1c98f62
Author: Marc-André Moreau <mamoreau@devolutions.net>
Date: Mon Jan 15 16:39:07 2024 -0500

add basic webapp configuration to PowerShell module

commit 6df790b
Author: Marc-André Moreau <marcandre.moreau@gmail.com>
Date: Sun Jan 14 20:22:54 2024 -0500

refactor(pwsh): switch from PemUtils to Picky (#639)

Co-authored-by: Richard Markiewicz <rmarkiewicz@devolutions.net>

commit e7530e6
Author: irvingouj @ Devolutions <139169536+irvingoujAtDevolution@users.noreply.github.com>
Date: Fri Jan 12 00:37:04 2024 -0500

refactor(dgw): redesign network-scan-net crate (#635)

commit 99d1a0b
Author: Richard Markiewicz <rmarkiewicz@devolutions.net>
Date: Thu Jan 11 20:42:19 2024 -0500

feat(installer): new Windows installer built using WixSharp (#638)