38 Commits

Author SHA1 Message Date
Alexander A. Klimov 7f7637c9b8 Introduce DEFAULT_TLS_CIPHERS and DEFAULT_TLS_PROTOCOLMIN 2021-07-22 11:12:33 +02:00
Alexander A. Klimov 07d768f166 API: hide ApiListener#ticket_salt 2021-07-02 16:29:53 +02:00
Julian Brost 56060bc8d5 ApiListener: Deprecate tls_handshake_timeout in favor of connect_timeout 2021-06-23 11:21:42 +02:00
Julian Brost 84d778580f Add timeout for all new connections
This commit adds a timeout for both establishing new outgoing and incoming
connections. This timeout applies to everything until the connection is in a
state where either JsonRpcConnection or HttpServerConnection takes over.
2021-06-23 11:21:42 +02:00
Michael Friedrich d3eb62301e API: Add AES128-GCM-SHA256 compatible cipher for el6
fixes #7501
2019-09-16 14:19:22 +02:00
Michael Friedrich ebd6735c70 TLS Ciphers: Add compatibility suites for older agents (el7) 2019-07-30 10:55:29 +02:00
Michael Friedrich fb367e12cc Store the last failed zone stage sync validation as runtime ApiListener attribute 2019-06-19 14:46:11 +02:00
Michael Friedrich fd9887c5af API: Harden default cipher list
According to https://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening/
2019-06-05 09:55:43 +02:00
Michael Friedrich d82c067555 Require TLS 1.2 for Cluster & REST API
refs #7041
2019-05-29 17:08:36 +02:00
Michael Friedrich d14a88235d Replace Copyright header with a short version, part I
CLion -> replace in path
2019-02-25 14:48:22 +01:00
Michael Friedrich 44c3b83769 icinga.com: Update '*.ti' 2018-10-18 09:30:00 +02:00
Michael Friedrich 29701b4db5 Add ApiListener#tls_handshake_timeout option
This allows to specify the previously hardcoded
timeout of 10s.

refs #6517
2018-09-14 09:20:09 +02:00
Michael Friedrich 9a75f47fc5 Allow to configure anonymous clients limit inside the ApiListener object
Previously this was hardcoded, and for security reasons users might want
to adjust this value. This affects CSR signing requests as well as
clients which have not yet been configured as endpoints on the current
node.

refs #6566
2018-09-05 17:45:35 +02:00
Gunnar Beutner e678fa1aa5 Refactor Application::*Const() 2018-08-13 15:27:05 +02:00
Markus Frosch 20269a89d0 ApiListener: Add support for dynamic port handling 2018-08-08 17:42:57 +02:00
Jean Flach c54e042942 Add activation priorities for config object types
This patch ensures that specific configuration types
are pre-activated and post-activated. In general,
logging is first, then common configuration objects
like host/service, downtimes, etc.
In the end, all features are activated after to ensure
that notifications are only sent once downtimes are applied.
A similar thing happens for starting with checks too early.
The ApiListener feature runs first to allow cluster connections
at first glance.

fixes #6057
fixes #6231
2018-05-04 11:25:47 +02:00
Noah Hilverling 186cad9872 Clean up CORS implementation 2018-03-01 14:04:56 +01:00
Michael Insel 158ae2188e Change copyright header for 2018 2018-01-02 12:08:55 +01:00
Gunnar Beutner f2d437e96c Implement support for migrating certificates to /var/lib/icinga2/certs
This commit includes documentation too.

Signed-off-by: Michael Friedrich <michael.friedrich@icinga.com>
2017-10-20 14:06:02 +02:00
Gunnar Beutner 92727d13c7 Fix a build warning
refs #5443
2017-09-25 12:15:59 +02:00
Noah Hilverling 94fe1b2292 HttpServerConnection: Implement CORS support
fixes #4326
2017-09-20 13:18:29 +02:00
Michael Friedrich b7caf0820d Ensure that *.icinga.com is used everywhere
fixes #13897
fixes #13277
2017-01-10 17:19:12 +01:00
Uwe Ebel b2ac05ad7d Make the minimum TLS protocol version configurable
The ApiListener accepts all TLS versions that the underlying
OpenSSL library supports. This patch gives the ability to restrict
the connection to a minimum TLS version.

fixes #11292

Signed-off-by: Gunnar Beutner <gunnar.beutner@netways.de>
2016-08-03 07:46:50 +02:00
Uwe Ebel 1ca8b293cb Make the cipher list configurable for TLS streams
fixes #11063

Signed-off-by: Gunnar Beutner <gunnar.beutner@netways.de>
2016-07-18 13:40:00 +02:00
Gunnar Beutner e3f1c1ec6f Make sure timestamps are formatted as integers in macro strings
refs #11483
2016-06-21 11:29:12 +02:00
Gunnar Beutner 599929b0f6 Update copyright headers for 2016 2016-01-12 08:29:59 +01:00
Gunnar Beutner d01f09f3ef Hide internal attributes in the API
fixes #10393
2015-10-20 08:25:10 +02:00
Gunnar Beutner 071d2f18fb Rename DynamicObject/DynamicType to ConfigObject/ConfigType
fixes #9914
2015-08-15 20:40:41 +02:00
Michael Friedrich d7970f5bb1 Implement modified attributes v2
refs #9081
refs #9093
2015-08-15 20:07:10 +02:00
Gunnar Beutner ec7224e3ed Generate C++ code for type validators
fixes #7709
fixes #8867
2015-03-27 07:59:27 +01:00
Michael Friedrich 78bfd0204c Update copyright year 2015-01-22 12:00:23 +01:00
Gunnar Beutner 7321e45abc Implement support for executing remote commands
fixes #7559
2014-11-13 14:54:55 +01:00
Gunnar Beutner 92896311f3 Implement support for C/C++ comments in the TI compiler
fixes #5018
2014-10-17 19:44:31 +02:00
Gunnar Beutner f433679b13 Implement the "pki request" and "pki ticket" commands
refs #7244
2014-10-16 12:27:34 +02:00
Gunnar Beutner 632026cd9f Rename C++ header files.
Fixes #6291
2014-05-25 16:27:14 +02:00
Gunnar Beutner dcbe7e1dfd Implement "accept_config" attribute.
Refs #6191
2014-05-15 10:13:32 +02:00
Gunnar Beutner 0d36cc8d5f Implement support for the zones.d config directory.
Refs #6191
2014-05-13 13:19:43 +02:00
Gunnar Beutner 45270f1bb8 Refactor the agent and cluster components.
Refs #6107
2014-05-08 09:13:04 +02:00