Add TLS certificate assets #585
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This adds the basic tables and GET_... GMP command to handle TLS certificates as separate assets outside the report host details.
This allows adding a new TLS certificate from a certificate file.
This adds the columns md5_fingerprint, activation_time and expiration_time to tls certificates.
This adds an output parameter to the get_certificate_info function which is used by create_tls_certificate to get the subject DN.
This fixes a few mistakes in the function documentation of get_certificate_info, create_tls_certificate and copy_tls_certificate.
This fixes some issues that prevented copy_tls_certificate from working, adds the delete_tls_certificate GMP command and other functions related to deleting for TLS certificates.
The case for invalid certificate content was missing.
The trust can be optionally set in both create_tls_certificate and modify_tls_certificate.
The activation_time and expiration_time have special cases for "unknown" and "unlimited" to be considered in the GMP elements and filters.
This adds documentation for the commands create_tls_certificate get_tls_certificates and modify_tls_certificate.
The certificate must not be empty for create_tls_certificate and modify_tls_certificate.
The commands create_tls_certificate and modify_tls_certificate now expect the certificate in Base64 encoding, so the DER format can be used in addition to PEM.
The size of the certificate datum has to be set after truncation and certificate_len is used before that. If certificate_len < 0 and the certificate does not look PEM-encoded, the function will return and not try to determine the size with strlen.
The certificate_format parameter was listed with the wrong name.
The format (DER or PEM) can help clients determine the MIME content type of the decoded certificate.
The certificate element in the get_tls_certificates response will only contain the Base64 content if details are requested.
mattmundell
requested changes
Jun 21, 2019
This fixes some typos, formatting issue and copy-paste errors in the new code for handling TLS certificates.
mattmundell
approved these changes
Jun 21, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.