Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support TLS for csub server and clients #1390

Merged
merged 1 commit into from Oct 13, 2023
Merged

Support TLS for csub server and clients #1390

merged 1 commit into from Oct 13, 2023

Conversation

dejanb
Copy link
Contributor

@dejanb dejanb commented Oct 12, 2023
edited

Description of the PR

Allow CollectSub gRPC server and clients to communicate over TLS.

To start a server with TLS enabled, you need to provide a certificate and key

./bin/guaccsub --csub-tls-cert-file ./ca.crt --csub-tls-key-file ./ca.key

Clients can use --csub-tls to enable encryption. Optionally, you can spoecify --csub-tls-skip-verify to disable server certificate verification (which is needed for self-signed certs).

bin/guacone csub-client  --csub-tls --csub-tls-skip-verify ...

PR Checklist

  • All commits have a Developer Certificate of Origin (DCO) -- they are generated using -s flag to git commit.
  • All new changes are covered by tests
  • If GraphQL schema is changed, make generate has been run
  • If collectsub protobuf has been changed, make proto has been run
  • All CI checks are passing (tests and formatting)
  • All dependent PRs have already been merged

@dejanb
Support TLS for csub server and clients
7109261 
Signed-off-by: Dejan Bosanac <dbosanac@redhat.com>
@pxp928 pxp928 requested a review from lumjjb October 12, 2023 19:12
lumjjb
lumjjb approved these changes Oct 12, 2023
View reviewed changes
Copy link
Contributor

@lumjjb lumjjb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks @dejanb for adding this!

pxp928
pxp928 approved these changes Oct 13, 2023
View reviewed changes
Copy link
Collaborator

@pxp928 pxp928 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@kodiakhq kodiakhq bot merged commit b540d46 into guacsec:main Oct 13, 2023
9 checks passed
dejanb added a commit to trustification/guac that referenced this pull request Jan 31, 2024
@dejanb
Support TLS for csub server and clients (guacsec#1390)
a88a557 
Signed-off-by: Dejan Bosanac <dbosanac@redhat.com>
dejanb added a commit to trustification/guac that referenced this pull request Jan 31, 2024
@dejanb
Support TLS for csub server and clients (guacsec#1390)
e552958 
Signed-off-by: Dejan Bosanac <dbosanac@redhat.com>
@lumjjb lumjjb mentioned this pull request May 1, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lumjjb lumjjb lumjjb approved these changes

@pxp928 pxp928 pxp928 approved these changes

@jeffmendoza jeffmendoza Awaiting requested review from jeffmendoza jeffmendoza is a code owner

Assignees
No one assigned
Labels
size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@dejanb @lumjjb @pxp928