Michael Friedrich
06d0c3ea4e
Merge pull request #7843 from Icinga/feature/cli-pki-verify
...
CLI: Add `pki verify` command for better TLS certificate troubleshooting
2020-02-25 09:07:24 +01:00
Michael Friedrich
fdb13d1b7d
TlsUtility: Replace deprecated OpenSSL function with ASN1_STRING_get0_data()
2020-02-21 13:02:58 +01:00
Michael Friedrich
548eb933c9
TlsUtility: Add getters for version, signature algorithm, SANs
2020-02-17 17:42:20 +01:00
Henrik Triem
099cc5d8df
Merge pull request #7833 from Icinga/feature/version-build-info-openssl
...
CLI: Add OpenSSL version to 'Build' section in --version
2020-02-17 17:07:51 +01:00
Michael Friedrich
71c7eebe4e
CLI: Add OpenSSL version to 'Build' section in --version
...
This helps to see against which OpenSSL version Icinga was built.
Inspired by #5572
2020-02-14 08:55:39 +01:00
Michael Friedrich
a7436394cd
TlsUtility: Add IsCa() function to verify given certificate being a CA certificate
2020-02-13 16:03:43 +01:00
Alexander A. Klimov
ba1ce9c853
Replace std::shared_ptr<boost::asio::ssl::context> with Shared<boost::asio::ssl::context>::Ptr
2019-10-21 16:12:46 +02:00
Michael Friedrich
0fd2fc0a4f
Only include SSL_CTX_set_ecdh_auto for OpenSSL < 1.1.0
2019-07-23 17:39:02 +02:00
Michael Friedrich
6682a427d4
TLS: Ensure to specify options in one place
...
`SetTlsProtocolminToSSLContext()` may have overridden
previous flags.
refs #7277
refs #7041
refs #7211
2019-07-15 13:29:55 +02:00
Michael Friedrich
524e2368be
Respect OpenSSL 1.1.0 vs older
2019-07-12 14:56:08 +02:00
Michael Friedrich
32d288f243
TLS: Fetch the cipher list and log them for debugging
2019-07-12 14:39:17 +02:00
Alexander A. Klimov
6568017658
Use SSL_CTX_set_ecdh_auto only if available
...
refs #7280
2019-07-04 13:05:31 +02:00
Michael Friedrich
9c92368774
SSL Context: Explicitly load ECC ciphers on el7
...
Otherwise curl/nss as client won't be able to use the
new default cipher list.
fixes #7247
2019-06-18 14:58:19 +02:00
Michael Friedrich
146b337d4d
Merge pull request #7211 from Icinga/feature/asio-tls-version
...
Require TLS 1.2 for Cluster & REST API
2019-06-03 16:19:22 +02:00
Michael Friedrich
d82c067555
Require TLS 1.2 for Cluster & REST API
...
refs #7041
2019-05-29 17:08:36 +02:00
Michael Friedrich
ba44c3921c
Quality: Remove old MakeSSLContext() interface
2019-05-28 13:03:34 +02:00
Elias Ohm
e75f063552
bring some things in line
...
- account for documented buffer size openssl 1.1.x for error string (>=256 bytes)
- use nullptr instead of NULL
- fix/streamline null-checks
2019-05-09 00:22:24 +02:00
Jean Flach
9a0d894f10
Don't use deprecated RSA_generate_key
...
fixes #4635
2019-05-08 23:46:31 +02:00
Alexander A. Klimov
2615967e7f
Make ApiListener#m_SSLContext a Boost ASIO SSL context
2019-04-01 11:40:14 +02:00
Michael Friedrich
d14a88235d
Replace Copyright header with a short version, part I
...
CLion -> replace in path
2019-02-25 14:48:22 +01:00
Michael Friedrich
dab53448bc
icinga.com: Update *.{h,c}pp
2018-10-18 09:27:04 +02:00
Gunnar Beutner
e678fa1aa5
Refactor Application::*Const()
2018-08-13 15:27:05 +02:00
Markus Frosch
9fbc40615a
Improve path handling in cmake and daemon
2018-08-07 14:10:26 +02:00
Michael Friedrich
2fd6709952
Remove ApiUser password_hash functionality
...
This affects and fixes
- Windows reload
- Config validation
- RHEL 7.5 OpenSSL memory corruption
- Hash algorithm, requested changes
refs #6378
refs #6279
refs #6278
2018-06-19 11:32:03 +02:00
Jean Flach
08a14cd136
Ensure that password hash generation from OpenSSL is atomic
...
This is supposed to solve a problem with segfaults caused by
race conditions within the random byte generation of OpenSSL.
fixes #6279
2018-05-23 10:55:14 +02:00
Michael Friedrich
1102f60b43
Revert "Implement support for ECC certificates"
...
This reverts commit 10691db5b1.
refs #5555
refs #6200
2018-05-02 16:54:07 +02:00
Jean Flach
0a0795f09d
Code style
2018-02-16 11:47:13 +01:00
Jean Flach
65a806f5dc
Move new password functions into tlsutility
2018-02-15 13:09:22 +01:00
Jean Flach
92e2faaa08
Hash API password and comparison
...
fixes #4920
2018-02-15 13:09:22 +01:00
Gunnar Beutner
f05459b40c
Move inline functions to their .cpp files
2018-01-04 12:24:58 +01:00
Gunnar Beutner
e0c350b8a5
Apply clang-tidy fix 'modernize-use-nullptr'
2018-01-04 12:24:57 +01:00
Gunnar Beutner
e3ad0be769
Apply clang-tidy fix 'modernize-use-auto'
2018-01-04 12:24:57 +01:00
Gunnar Beutner
ac155d1dda
Apply clang-tidy fix 'modernize-redundant-void-arg'
2018-01-04 12:24:57 +01:00
Michael Insel
158ae2188e
Change copyright header for 2018
2018-01-02 12:08:55 +01:00
Jean Flach
2636e6a77a
Whitespace fix
...
What does this change?
* Remove use of spaces for formatting
These could be found by using `grep -r -l -P '^\t+ +[^*]'`
* Removal of trailing whitespaces
* A few lines longer than 120 chars
2017-12-20 14:53:52 +01:00
Gunnar Beutner
1ad83886ac
Replace a few more NULLs with nullptr
2017-12-14 15:37:20 +01:00
Gunnar Beutner
42744fde5b
Remove extraneous whitespace
2017-12-14 08:50:09 +01:00
Gunnar Beutner
6d09efc907
Use std::shared_ptr instead of boost::shared_ptr
2017-11-30 17:41:00 +01:00
Gunnar Beutner
6b3931973e
Merge pull request #5555 from Icinga/feature/ecc-certs
...
Implement support for ECC certificates
2017-11-27 15:11:04 +01:00
Michael Friedrich
9a04a99400
Merge pull request #5554 from Icinga/feature/cn-check-for-san
...
Add subjectAltName extension for all non-CA certificates
2017-10-10 17:50:01 +02:00
Gunnar Beutner
774936bfe8
Implement support for pki::UpdateCertificate messages
...
refs #5450
2017-09-12 12:52:49 +02:00
Gunnar Beutner
0ec07bce51
Implement support for updating client certificates
...
refs #5450
2017-09-12 12:52:49 +02:00
Gunnar Beutner
abdd4b307b
Implement the 'ca list' and 'ca sign' CLI commands
...
refs #5450
2017-09-12 12:52:49 +02:00
Gunnar Beutner
510e2d622a
Implement support for ticket-less certificate requests
...
refs #5450
2017-09-12 12:52:49 +02:00
Gunnar Beutner
10691db5b1
Implement support for ECC certificates
2017-09-06 12:29:30 +02:00
Gunnar Beutner
3385122bc3
Add subjectAltName extension for all non-CA certificates
2017-09-06 12:25:36 +02:00
Michael Friedrich
79c45ea811
Build fix for OpenSSL 0.9.8 and stack_st_X509_EXTENSION
2017-05-26 13:16:20 +02:00
Gunnar Beutner
b366483466
Add subjectAltName X509 ext for certificate requests
2017-05-11 15:38:17 +02:00
Gunnar Beutner
0c25d14d0c
Fix crash in SHA1
...
refs #4991
2017-03-29 10:17:03 +02:00
Michael Friedrich
0b466aabc0
Start working on checksum config dump
...
refs #4991
2017-03-29 10:17:03 +02:00