Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for ssl peer fingerprint #136

Merged
merged 3 commits into from
Jul 17, 2024
Merged

Add support for ssl peer fingerprint #136

merged 3 commits into from
Jul 17, 2024

Conversation

bazsi
Copy link
Member

@bazsi bazsi commented Jun 2, 2024

This resolves syslog-ng/syslog-ng#4978

@bazsi bazsi force-pushed the add-support-for-ssl-peer-fingerprint branch from 39e4122 to 5de78b1 Compare June 7, 2024 14:03
MrAnno
MrAnno reviewed Jun 7, 2024
View reviewed changes
lib/transport/tls-session.c Outdated Show resolved Hide resolved
@bazsi
tls-session: fix whitespace issues
db2b8c4 
Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com>
@bazsi
transport-tls: add ${.tls.x509_fp} variable to contain the X.509 fing…
fc94e9f 
…erprint

If trusted-keys() is used, the certificate fingerprint is added added
to ${.tls.x509_fp} with the same algorithm that was used to validate
trusted-keys, which is SHA1 at the moment (unfortunately, but that's
a separate PR.

Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com>
@bazsi bazsi force-pushed the add-support-for-ssl-peer-fingerprint branch 2 times, most recently from bcbee05 to fc94e9f Compare July 16, 2024 07:57
@bazsi
news: added news entry
23c28a5 
Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com>
@bazsi
Copy link
Member Author

bazsi commented Jul 16, 2024

I've dropped the change in trusted-keys() validation, as we agreed with @MrAnno that it should be introduced with a new option (trusted-fingerprints() or something like that).

By dropping this patch, this PR became very simple, if there's trusted-keys() based validation in a config, the key fingerprint is saved into ${.tls.x509_fp} along with the CA and similar parameters.

With that this is mergable.

@bazsi bazsi requested a review from MrAnno July 17, 2024 09:47
@MrAnno MrAnno merged commit a160aaa into axoflow:main Jul 17, 2024
22 checks passed
@HofiOne HofiOne mentioned this pull request Sep 4, 2024
Merged
@MrAnno MrAnno mentioned this pull request Oct 12, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MrAnno MrAnno MrAnno approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add macro for certificate fingerprint
2 participants
@bazsi @MrAnno