Alexander A. Klimov
504fdda76c
Introduce DEFAULT_CONNECT_TIMEOUT
2021-07-27 21:57:02 +02:00
Alexander A. Klimov
7f7637c9b8
Introduce DEFAULT_TLS_CIPHERS and DEFAULT_TLS_PROTOCOLMIN
2021-07-22 11:12:33 +02:00
Alexander A. Klimov
07d768f166
API: hide ApiListener#ticket_salt
2021-07-02 16:29:53 +02:00
Julian Brost
56060bc8d5
ApiListener: Deprecate tls_handshake_timeout in favor of connect_timeout
2021-06-23 11:21:42 +02:00
Julian Brost
84d778580f
Add timeout for all new connections
...
This commit adds a timeout for both establishing new outgoing and incoming
connections. This timeout applies to everything until the connection is in a
state where either JsonRpcConnection or HttpServerConnection takes over.
2021-06-23 11:21:42 +02:00
Michael Friedrich
d3eb62301e
API: Add AES128-GCM-SHA256 compatible cipher for el6
...
fixes #7501
2019-09-16 14:19:22 +02:00
Michael Friedrich
ebd6735c70
TLS Ciphers: Add compatibility suites for older agents (el7)
2019-07-30 10:55:29 +02:00
Michael Friedrich
fb367e12cc
Store the last failed zone stage sync validation as runtime ApiListener attribute
2019-06-19 14:46:11 +02:00
Michael Friedrich
fd9887c5af
API: Harden default cipher list
...
According to https://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening/
2019-06-05 09:55:43 +02:00
Michael Friedrich
d82c067555
Require TLS 1.2 for Cluster & REST API
...
refs #7041
2019-05-29 17:08:36 +02:00
Michael Friedrich
d14a88235d
Replace Copyright header with a short version, part I
...
CLion -> replace in path
2019-02-25 14:48:22 +01:00
Michael Friedrich
44c3b83769
icinga.com: Update '*.ti'
2018-10-18 09:30:00 +02:00
Michael Friedrich
29701b4db5
Add ApiListener#tls_handshake_timeout option
...
This allows to specify the previously hardcoded
timeout of 10s.
refs #6517
2018-09-14 09:20:09 +02:00
Michael Friedrich
9a75f47fc5
Allow to configure anonymous clients limit inside the ApiListener object
...
Previously this was hardcoded, and for security reasons users might want
to adjust this value. This affects CSR signing requests as well as
clients which have not yet been configured as endpoints on the current
node.
refs #6566
2018-09-05 17:45:35 +02:00
Gunnar Beutner
e678fa1aa5
Refactor Application::*Const()
2018-08-13 15:27:05 +02:00
Markus Frosch
20269a89d0
ApiListener: Add support for dynamic port handling
2018-08-08 17:42:57 +02:00
Jean Flach
c54e042942
Add activation priorities for config object types
...
This patch ensures that specific configuration types
are pre-activated and post-activated. In general,
logging is first, then common configuration objects
like host/service, downtimes, etc.
In the end, all features are activated after to ensure
that notifications are only sent once downtimes are applied.
A similar thing happens for starting with checks too early.
The ApiListener feature runs first to allow cluster connections
at first glance.
fixes #6057
fixes #6231
2018-05-04 11:25:47 +02:00
Noah Hilverling
186cad9872
Clean up CORS implementation
2018-03-01 14:04:56 +01:00
Michael Insel
158ae2188e
Change copyright header for 2018
2018-01-02 12:08:55 +01:00
Gunnar Beutner
f2d437e96c
Implement support for migrating certificates to /var/lib/icinga2/certs
...
This commit includes documentation too.
Signed-off-by: Michael Friedrich <michael.friedrich@icinga.com>
2017-10-20 14:06:02 +02:00
Gunnar Beutner
92727d13c7
Fix a build warning
...
refs #5443
2017-09-25 12:15:59 +02:00
Noah Hilverling
94fe1b2292
HttpServerConnection: Implement CORS support
...
fixes #4326
2017-09-20 13:18:29 +02:00
Michael Friedrich
b7caf0820d
Ensure that *.icinga.com is used everywhere
...
fixes #13897
fixes #13277
2017-01-10 17:19:12 +01:00
Uwe Ebel
b2ac05ad7d
Make the minimum TLS protocol version configurable
...
The ApiListener accepts all TLS versions that the underlying
OpenSSL library supports. This patch give the ability to restrict
the connection to a minimum TLS version.
fixes #11292
Signed-off-by: Gunnar Beutner <gunnar.beutner@netways.de>
2016-08-03 07:46:50 +02:00
Uwe Ebel
1ca8b293cb
Make the cipher list configurable for TLS streams
...
fixes #11063
Signed-off-by: Gunnar Beutner <gunnar.beutner@netways.de>
2016-07-18 13:40:00 +02:00
Gunnar Beutner
e3f1c1ec6f
Make sure timestamps are formatted as integers in macro strings
...
refs #11483
2016-06-21 11:29:12 +02:00
Gunnar Beutner
599929b0f6
Update copyright headers for 2016
2016-01-12 08:29:59 +01:00
Gunnar Beutner
d01f09f3ef
Hide internal attributes in the API
...
fixes #10393
2015-10-20 08:25:10 +02:00
Gunnar Beutner
071d2f18fb
Rename DynamicObject/DynamicType to ConfigObject/ConfigType
...
fixes #9914
2015-08-15 20:40:41 +02:00
Michael Friedrich
d7970f5bb1
Implement modified attributes v2
...
refs #9081
refs #9093
2015-08-15 20:07:10 +02:00
Gunnar Beutner
ec7224e3ed
Generate C++ code for type validators
...
fixes #7709
fixes #8867
2015-03-27 07:59:27 +01:00
Michael Friedrich
78bfd0204c
Update copyright year
2015-01-22 12:00:23 +01:00
Gunnar Beutner
7321e45abc
Implement support for executing remote commands
...
fixes #7559
2014-11-13 14:54:55 +01:00
Gunnar Beutner
92896311f3
Implement support for C/C++ comments in the TI compiler
...
fixes #5018
2014-10-17 19:44:31 +02:00
Gunnar Beutner
f433679b13
Implement the "pki request" and "pki ticket" commands
...
refs #7244
2014-10-16 12:27:34 +02:00
Gunnar Beutner
632026cd9f
Rename C++ header files.
...
Fixes #6291
2014-05-25 16:27:14 +02:00
Gunnar Beutner
dcbe7e1dfd
Implement "accept_config" attribute.
...
Refs #6191
2014-05-15 10:13:32 +02:00
Gunnar Beutner
0d36cc8d5f
Implement support for the zones.d config directory.
...
Refs #6191
2014-05-13 13:19:43 +02:00
Gunnar Beutner
45270f1bb8
Refactor the agent and cluster components.
...
Refs #6107
2014-05-08 09:13:04 +02:00