Security Enhancements #510
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi @codenrhoden, I accidentally pushed this branch to the upstream repo hence the forever-failed build (linked to that repo). The PR build is passing however. |
akutz
force-pushed
the
feature/auth-files
branch
2 times, most recently
from
206776f to
2edd739
Compare
Codecov Report
@@ Coverage Diff @@
## master #510 +/- ##
==========================================
- Coverage 30.77% 30.07% -0.71%
==========================================
Files 33 33
Lines 2008 2125 +117
==========================================
+ Hits 618 639 +21
- Misses 1318 1414 +96
Partials 72 72
Continue to review full report at Codecov.
|
akutz
force-pushed
the
feature/auth-files
branch
8 times, most recently
from
8485e73 to
9d266da
Compare
This patch enhances libStorage security: * If discovered in '$LIBSTORAGE_HOME_TLS' the following files are automatically loaded: * `libstorage.crt` * `libstorage.key` * `cacerts` * If `$LIBSTORAGE_HOME_ETC_TLS/known_hosts` exists it is automatically loaded unless the property `libstorage.tls.knownHosts` is explicitly defined. This is the system's `known_hosts` file. * If `$HOME/.libstorage/known_hosts` exists it is automatically used when TLS security is set to verify peer certificates. This is the user's `known_hosts` file. * The above `known_hosts` files are line-delimited with each line following the format: 'HOST ALGORITHM FINGERPRINT' * When matching a remote host's known host information the peer's host (derived from the certificate's Subject.CommonName) is also taken into account. Thus if a host is marked as trusted but later provides a different certificate during TLS negotiation the connection will fail. This is identical to SSH's known host logic. * The property `libstorage.tls.verifyPeers` is introduced. It's a boolean flag that indicates TLS connections should be verified against a known list of peer certificate fingerprints in the system's and user's `known_hosts` files. Enabling this property also sets `libstorage.tls.insecure` to `true`. The connection will be encrypted, but the certificate verification is disabled and deferred to the peer verification. * The property `libstorage.tls` can now be set to a simple string value of `verifyPeers` to indicate TLS connections should be verified against the system's and user's `known_hosts` files.
akutz
force-pushed
the
feature/auth-files
branch
from
9d266da to
fffd5e5
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch enhances libStorage security:
If discovered in
$LIBSTORAGE_HOME_ETC_TLSthe following files are automatically loaded:libstorage.crtlibstorage.keycacertsIf
$LIBSTORAGE_HOME_ETC_TLS/known_hostsexists it is automatically loaded unless the propertylibstorage.tls.knownHostsis explicitly defined. This is the system'sknown_hostsfile.If
$HOME/.libstorage/known_hostsexists it is automatically used when TLS security is set to verify peer certificates. This is the user'sknown_hostsfile.The above
known_hostsfiles are line-delimited with each line following the format:HOST ALGORITHM FINGERPRINTWhen matching a remote host's known host information the peer's host (derived from the certificate's Subject.CommonName) is also taken into account. Thus if a host is marked as trusted but later provides a different certificate during TLS negotiation the connection will fail. This is identical to SSH's known host logic.
The property
libstorage.tls.verifyPeersis introduced. It's a boolean flag that indicates TLS connections should be verified against a known list of peer certificate fingerprints in the system's and user'sknown_hostsfiles.Enabling this property also sets
libstorage.tls.insecuretotrue. The connection will be encrypted, but the certificate verification is disabled and deferred to the peer verification.The property
libstorage.tlscan now be set to a simple string value ofverifyPeersto indicate TLS connections should be verified against the system's and user'sknown_hostsfiles.