Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add parameters needed for PKI usage. #7907

Merged
merged 1 commit into from Oct 29, 2020
Merged

Add parameters needed for PKI usage. #7907

merged 1 commit into from Oct 29, 2020

Conversation

JochenFriedrich
Copy link
Contributor

@JochenFriedrich JochenFriedrich commented Mar 11, 2020
edited by Al2Klimov

fixes #6552

To use PKI with nrpe, a CA must be specified and anonymous DH must be disabled.
If client certificates are enforced by nrped, additionally a private cert and key
must be specified. This patch adds all these parameters as well TLS configuration
options to limit the TLS version and crypto parameters:

nrpe_ca - The CA file to use for PKI. Defaults to none.
nrpe_cert - The client cert file to use for PKI. Defaults to none.
nrpe_key - The client key file to use for PKI. Defaults to none.
nrpe_ssl_version - The SSL/TLS version to use. Defaults to TLSv1+.
nrpe_cipher_list - The list of SSL ciphers to use. Default depends on check_nrpe version.
nrpe_dh_opt - Anonymous Diffie Hellman use: 0 = deny, 1 = allow, 2 = force.
Default depends on check_nrpe version.

Al2Klimov
Al2Klimov reviewed Mar 16, 2020
View reviewed changes
Copy link
Member

@Al2Klimov Al2Klimov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Matches this one:

https://github.com/NagiosEnterprises/nrpe/blob/2a169624b7dbfb3c2b29abf19ab0cf7532b04e6f/src/check_nrpe.c#L705-L788

Al2Klimov
Al2Klimov requested changes Mar 16, 2020
View reviewed changes
itl/command-plugins.conf Show resolved Hide resolved
@JochenFriedrich
Add parameters needed for PKI usage.
83977c5 
To use PKI with nrpe, a CA must be specified and anonymous DH must be disabled.
If client certificates are enforced by nrped, additionally a private cert and key
must be specified. This patch adds all these parameters as well TLS configuration
options to limit the TLS version and crypto parameters:

nrpe_ca          - The CA file to use for PKI. Defaults to none.
nrpe_cert        - The client cert file to use for PKI. Defaults to none.
nrpe_key         - The client key file to use for PKI. Defaults to none.
nrpe_ssl_version - The SSL/TLS version to use. Defaults to TLSv1+.
nrpe_cipher_list - The list of SSL ciphers to use. Default depends on check_nrpe version.
nrpe_dh_opt      - Anonymous Diffie Hellman use: 0 = deny, 1 = allow, 2 = force.
                   Default depends on check_nrpe version.
@Al2Klimov Al2Klimov added this to the 2.13.0 milestone Mar 16, 2020
@Al2Klimov Al2Klimov added this to To review in v2.13.0 merge window Mar 16, 2020
@Al2Klimov Al2Klimov moved this from To review to Done in v2.13.0 merge window Mar 26, 2020
@Al2Klimov Al2Klimov moved this from Approved to To review in v2.13.0 merge window Oct 29, 2020
v2.13.0 merge window automation moved this from To review to Approved Oct 29, 2020
@Al2Klimov Al2Klimov merged commit db6dd60 into Icinga:master Oct 29, 2020
v2.13.0 merge window automation moved this from Approved to Merged Oct 29, 2020
@JochenFriedrich JochenFriedrich deleted the feature/nrpe-args branch October 30, 2020 01:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@julianbrost julianbrost julianbrost approved these changes

@Al2Klimov Al2Klimov Al2Klimov approved these changes

Assignees
No one assigned
Labels
None yet
Projects
No open projects
v2.13.0 merge window
  
Merged
Milestone
2.13.0
Development

Successfully merging this pull request may close these issues.

Feature request: specify ssl-version with NRPE CheckCommand
3 participants
@JochenFriedrich @julianbrost @Al2Klimov