feat: implement mTLS for Pgproto (!1251) · Merge requests · core / picodata · GitLab

Snippets Groups Projects

Merged Roman Kuzmin requested to merge kuzmin/pgproto-mtls into master 7 months ago

Для активации mTLS:

Значение параметра конфигурации instance.pg.ssl = true
В data-директорию инстанса, в дополнение к server.crt и server.key, положить ca.crt в формате PEM.

В результате сервер будет принимать подключения только от тех клиентов, кто предоставил сертификат и чей сертификат был подписан ca.crt или его производными.

Если ca.crt отсутствует в data-директории, то проверка peer-сертификатов не выполняется.

Close #878 (closed)
Cherry-pick to: none
Docs follow-up: docs#339 (closed)

Edited 7 months ago by Yaroslav Dynnikov

Activity

Roman Kuzmin added 1 deleted label 7 months ago

added 1 deleted label
Roman Kuzmin assigned to @roman.kuzmin 7 months ago

assigned to @roman.kuzmin
Roman Kuzmin unassigned @roman.kuzmin 7 months ago

unassigned @roman.kuzmin
Roman Kuzmin added 1 commit 7 months ago
added 1 commit

ced3b475 - fix: python linter warnings

Compare with previous version
Roman Kuzmin changed the description 7 months ago

changed the description
Roman Kuzmin added 1 commit 7 months ago
added 1 commit

9ca7147c - fix: pgroto/ssl_test.py (succeedes locally, but fails in pipeline)

Compare with previous version
Roman Kuzmin changed the description 7 months ago

changed the description
Roman Kuzmin added 1 commit 7 months ago
added 1 commit

f7be1986 - fix pipeline tests, next try

Compare with previous version
Dmitry Ivanov requested review from @UngiftedPoet 7 months ago

requested review from @UngiftedPoet
Maksim Kaitmazian mentioned in merge request !1245 (merged) 7 months ago

mentioned in merge request !1245 (merged)
Georgy Moshkin @gmoshkin · 7 months ago

Maintainer

Resolved 7 months ago by Roman Kuzmin

Сделайте пожалуйста rebase поверх мастера. Мы не мёржим мастер в ветки

Last reply by Roman Kuzmin 7 months ago
Dmitry Ivanov @funbringer · 7 months ago

Maintainer

Resolved 7 months ago by Roman Kuzmin

Предлагаю чуть подробнее написать в changelog об этой фиче. Упомянуть флаг и историю с сертификатами.

Last reply by Roman Kuzmin 7 months ago
Georgy Moshkin @gmoshkin started a thread on an outdated change in commit f7be1986 7 months ago

Resolved 7 months ago by Roman Kuzmin
Last reply by Yaroslav Dynnikov 7 months ago

Roman Kuzmin added 5 commits 7 months ago

added 5 commits

32507088 - fix: expose cancel token's constructor and handle
a6796932 - fix: python linter warnings
cb0a8ed7 - fix: pgroto/ssl_test.py (succeedes locally, but fails in pipeline)
f8b4544b - fix pipeline tests, next try
36f2a550 - update changelog

Compare with previous version

Toggle commit list

Roman Kuzmin added 1 commit 7 months ago

added 1 commit

4ebf0dc7 - feat: update prerequisites for ubuntu 22.04

Compare with previous version

Roman Kuzmin added 7 commits 7 months ago

added 7 commits

4ebf0dc7...b127332b - 2 commits from branch master
5a22ffb4 - issue #878 (closed)
f7a8cc86 - fix: python linter warnings
49c68b53 - fix: pgroto/ssl_test.py (succeedes locally, but fails in pipeline)
1aee58e6 - fix pipeline tests, next try
da41799b - update changelog

Compare with previous version

Toggle commit list

Roman Kuzmin added 6 commits 7 months ago

added 6 commits

2e89c858 - 1 commit from branch master
c8c304f7 - issue #878 (closed)
37b69d0a - fix: python linter warnings
f38f695e - fix: pgroto/ssl_test.py (succeedes locally, but fails in pipeline)
c44fb540 - fix pipeline tests, next try
f3d7a0bd - update changelog

Compare with previous version

Toggle commit list

Maksim Kaitmazian added 1 commit 7 months ago

added 1 commit

51222d04 - chore(tests): change pgproto server host to 127.0.0.1

Compare with previous version

Maksim Kaitmazian @UngiftedPoet · 7 months ago

Maintainer

Resolved 7 months ago by Roman Kuzmin

Спасибо за патч!

Засквошь, пожалуйста, свои коммиты во что-то типа feat(pgproto): support mTLS.
Last reply by Roman Kuzmin 7 months ago

Please register or sign in to reply