Commit Graph

119 Commits

Author SHA1 Message Date
Michael Friedrich 06d0c3ea4e
Merge pull request #7843 from Icinga/feature/cli-pki-verify
CLI: Add `pki verify` command for better TLS certificate troubleshooting
2020-02-25 09:07:24 +01:00
Michael Friedrich fdb13d1b7d TlsUtility: Replace deprecated OpenSSL function with ASN1_STRING_get0_data() 2020-02-21 13:02:58 +01:00
Michael Friedrich 548eb933c9 TlsUtility: Add getters for version, signature algorithm, SANs 2020-02-17 17:42:20 +01:00
Henrik Triem 099cc5d8df
Merge pull request #7833 from Icinga/feature/version-build-info-openssl
CLI: Add OpenSSL version to 'Build' section in --version
2020-02-17 17:07:51 +01:00
Michael Friedrich 71c7eebe4e CLI: Add OpenSSL version to 'Build' section in --version
This helps to see against which OpenSSL version Icinga was built.
Inspired by #5572
2020-02-14 08:55:39 +01:00
Michael Friedrich a7436394cd TlsUtility: Add IsCa() function to verify given certificate being a CA certificate 2020-02-13 16:03:43 +01:00
Alexander A. Klimov ba1ce9c853 Replace std::shared_ptr<boost::asio::ssl::context> with Shared<boost::asio::ssl::context>::Ptr 2019-10-21 16:12:46 +02:00
Michael Friedrich 0fd2fc0a4f Only include SSL_CTX_set_ecdh_auto for OpenSSL < 1.1.0 2019-07-23 17:39:02 +02:00
Michael Friedrich 6682a427d4 TLS: Ensure to specify options in one place
`SetTlsProtocolminToSSLContext()` may have overridden
previous flags.

refs #7277

refs #7041
refs #7211
2019-07-15 13:29:55 +02:00
Michael Friedrich 524e2368be Respect OpenSSL 1.1.0 vs older 2019-07-12 14:56:08 +02:00
Michael Friedrich 32d288f243 TLS: Fetch the cipher list and log them for debugging 2019-07-12 14:39:17 +02:00
Alexander A. Klimov 6568017658 Use SSL_CTX_set_ecdh_auto only if available
refs #7280
2019-07-04 13:05:31 +02:00
Michael Friedrich 9c92368774 SSL Context: Explicitly load ECC ciphers on el7
Otherwise curl/nss as client won't be able to use the
new default cipher list.

fixes #7247
2019-06-18 14:58:19 +02:00
Michael Friedrich 146b337d4d
Merge pull request #7211 from Icinga/feature/asio-tls-version
Require TLS 1.2 for Cluster & REST API
2019-06-03 16:19:22 +02:00
Michael Friedrich d82c067555 Require TLS 1.2 for Cluster & REST API
refs #7041
2019-05-29 17:08:36 +02:00
Michael Friedrich ba44c3921c Quality: Remove old MakeSSLContext() interface 2019-05-28 13:03:34 +02:00
Elias Ohm e75f063552 bring some things in line
- account for documented buffer size openssl 1.1.x for error string (>=256 bytes)
- use nullptr instead of NULL
- fix/streamline null-checks
2019-05-09 00:22:24 +02:00
Jean Flach 9a0d894f10 Don't use deprecated RSA_generate_key
fixes #4635
2019-05-08 23:46:31 +02:00
Alexander A. Klimov 2615967e7f Make ApiListener#m_SSLContext a Boost ASIO SSL context 2019-04-01 11:40:14 +02:00
Michael Friedrich d14a88235d Replace Copyright header with a short version, part I
CLion -> replace in path
2019-02-25 14:48:22 +01:00
Michael Friedrich dab53448bc icinga.com: Update *.{h,c}pp 2018-10-18 09:27:04 +02:00
Gunnar Beutner e678fa1aa5 Refactor Application::*Const() 2018-08-13 15:27:05 +02:00
Markus Frosch 9fbc40615a Improve path handling in cmake and daemon 2018-08-07 14:10:26 +02:00
Michael Friedrich 2fd6709952 Remove ApiUser password_hash functionality
This affects and fixes

- Windows reload
- Config validation
- RHEL 7.5 OpenSSL memory corruption
- Hash algorithm, requested changes

refs #6378
refs #6279
refs #6278
2018-06-19 11:32:03 +02:00
Jean Flach 08a14cd136 Ensure that password hash generation from OpenSSL is atomic
This is supposed to solve a problem with segfaults caused by
race conditions withing the random byte generation of OpenSSL.

fixes #6279
2018-05-23 10:55:14 +02:00
Michael Friedrich 1102f60b43 Revert "Implement support for ECC certificates"
This reverts commit 10691db5b1.

refs #5555
refs #6200
2018-05-02 16:54:07 +02:00
Jean Flach 0a0795f09d Code style 2018-02-16 11:47:13 +01:00
Jean Flach 65a806f5dc Move new password functions into tlsutility 2018-02-15 13:09:22 +01:00
Jean Flach 92e2faaa08 Hash API password and comparison
fixes #4920
2018-02-15 13:09:22 +01:00
Gunnar Beutner f05459b40c Move inline functions to their .cpp files 2018-01-04 12:24:58 +01:00
Gunnar Beutner e0c350b8a5 Apply clang-tidy fix 'modernize-use-nullptr' 2018-01-04 12:24:57 +01:00
Gunnar Beutner e3ad0be769 Apply clang-tidy fix 'modernize-use-auto' 2018-01-04 12:24:57 +01:00
Gunnar Beutner ac155d1dda Apply clang-tidy fix 'modernize-redundant-void-arg' 2018-01-04 12:24:57 +01:00
Michael Insel 158ae2188e Change copyright header for 2018 2018-01-02 12:08:55 +01:00
Jean Flach 2636e6a77a Whitespace fix
What does this change?
* Remove use of spaces for formatting
These could be found by using `grep -r -l -P '^\t+ +[^*]'
* Removal of training whitespaces
* A few lines longer than 120 chars
2017-12-20 14:53:52 +01:00
Gunnar Beutner 1ad83886ac Replace a few more NULLs with nullptr 2017-12-14 15:37:20 +01:00
Gunnar Beutner 42744fde5b Remove extraneous whitespace 2017-12-14 08:50:09 +01:00
Gunnar Beutner 6d09efc907 Use std::shared_ptr instead of boost::shared_ptr 2017-11-30 17:41:00 +01:00
Gunnar Beutner 6b3931973e
Merge pull request #5555 from Icinga/feature/ecc-certs
Implement support for ECC certificates
2017-11-27 15:11:04 +01:00
Michael Friedrich 9a04a99400 Merge pull request #5554 from Icinga/feature/cn-check-for-san
Add subjectAltName extension for all non-CA certificates
2017-10-10 17:50:01 +02:00
Gunnar Beutner 774936bfe8 Implement support for pki::UpdateCertificate messages
refs #5450
2017-09-12 12:52:49 +02:00
Gunnar Beutner 0ec07bce51 Implement support for updating client certificates
refs #5450
2017-09-12 12:52:49 +02:00
Gunnar Beutner abdd4b307b Implement the 'ca list' and 'ca sign' CLI commands
refs #5450
2017-09-12 12:52:49 +02:00
Gunnar Beutner 510e2d622a Implement support for ticket-less certificate requests
refs #5450
2017-09-12 12:52:49 +02:00
Gunnar Beutner 10691db5b1 Implement support for ECC certificates 2017-09-06 12:29:30 +02:00
Gunnar Beutner 3385122bc3 Add subjectAltName extension for all non-CA certificates 2017-09-06 12:25:36 +02:00
Michael Friedrich 79c45ea811 Build fix for OpenSSL 0.9.8 and stack_st_X509_EXTENSION 2017-05-26 13:16:20 +02:00
Gunnar Beutner b366483466 Add subjectAltName X509 ext for certificate requests 2017-05-11 15:38:17 +02:00
Gunnar Beutner 0c25d14d0c Fix crash in SHA1
refs #4991
2017-03-29 10:17:03 +02:00
Michael Friedrich 0b466aabc0 Start working on checksum config dump
refs #4991
2017-03-29 10:17:03 +02:00