QSP-4 Use Self-Signed, Secure gRPC Connection by Default #6428

Closed
wants to merge 4 commits into from

rauljordan
Contributor

@rauljordan rauljordan commented Jun 26, 2020

What type of PR is this?

Feature

What does this PR do? Why is it needed?

Currently, beacon nodes set up an insecure gRPC connection by default unless cert and key flags are passed in. Our security audit instead recommended setting up encrypted communications by default. This PR creates self-signed certificates in datadir/cert.pem and datadir/key.pem when running a beacon node with default options. The beacon node then spins up a gRPC server using TLS configuration with this self-signed cert. The validator client then attempts to connect via TLS. Since it cannot verify the certificate authority properly (as it is self-signed), it will connect with an encrypted connection despite failing certificate authority verification.

Which issue(s) does this PR fix?

Part of #6327
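
The client-side behaviour described above, as an added example (not the project's code and not part of this PR): a client that skips verification still completes a TLS handshake with a self-signed server, but the certificate only verifies once the client trusts a copy of the server's `cert.pem`. It assumes plain `crypto/tls` over an in-memory pipe in place of gRPC, and the host name `beacon.example` is hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"time"
)

const host = "beacon.example" // hypothetical server name, not from the PR

// Demo handshakes with verification skipped, then verifies the server's certificate two ways.
func Demo() (handshake, systemRoots, pinned error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err, err, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv) // self-signed sample
	if err != nil {
		return err, err, err
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
	cli, srv := net.Pipe() // unbuffered in-memory link; tickets are disabled so no write goes unread
	defer cli.Close()
	go func() {
		defer srv.Close()
		tls.Server(srv, &tls.Config{Certificates: []tls.Certificate{cert}, SessionTicketsDisabled: true}).Handshake()
	}()
	conn := tls.Client(cli, &tls.Config{InsecureSkipVerify: true}) // encrypted, peer unauthenticated
	if err = conn.Handshake(); err != nil {
		return err, err, err
	}
	peer := conn.ConnectionState().PeerCertificates[0]
	pool := x509.NewCertPool() // pinned trust: a copy of the server's cert.pem obtained out of band
	pool.AppendCertsFromPEM(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
	_, systemRoots = peer.Verify(x509.VerifyOptions{DNSName: host})
	_, pinned = peer.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return nil, systemRoots, pinned
}

func main() { fmt.Println(Demo()) }
```

The first result is nil because the handshake succeeds without authentication, the second is an error from the default trust store, and the third is nil once the server's own certificate is pinned.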

@rauljordan rauljordan marked this pull request as ready for review June 27, 2020 02:44
@rauljordan rauljordan requested a review from a team as a code owner June 27, 2020 02:44
@rauljordan rauljordan self-assigned this Jun 27, 2020
@rauljordan rauljordan added the Ready For Review A pull request ready for code review label Jun 27, 2020
@rauljordan rauljordan marked this pull request as draft June 27, 2020 02:51
@rauljordan rauljordan removed the Ready For Review A pull request ready for code review label Jun 27, 2020

stale bot commented Jul 4, 2020

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the Stale There hasn't been any activity here in some time... label Jul 4, 2020

stale bot commented Jul 11, 2020

This pull request has been closed due to inactivity. Please reopen this pull request if you would like to continue working on it.

@stale stale bot closed this Jul 11, 2020
@nisdas nisdas reopened this Jul 11, 2020
Member

nisdas commented Jul 11, 2020

@rauljordan re-opened this, please resolve tests and conflicts

Member

nisdas commented Jul 11, 2020

Sorry, I just realised this was marked back to a draft. Is this still relevant?


stale bot commented Jul 18, 2020

This pull request has been closed due to inactivity. Please reopen this pull request if you would like to continue working on it.

@stale stale bot closed this Jul 18, 2020
@rauljordan rauljordan deleted the default-self-signed-certs branch October 13, 2020 15:16