Kea issues
https://gitlab.isc.org/isc-projects/kea/-/issues
Updated: 2022-05-30T09:05:47Z

Add a callout point in HttpConnection::recordParameters
https://gitlab.isc.org/isc-projects/kea/-/issues/2378
Updated: 2022-05-30T09:05:47Z
Author: Francis Dupont
Milestone: outstanding

The RBAC (#1263) role assignment can be extended using the custom value, a free member of HTTP request objects which comes with remote address, certification subject and issuer name, etc. The idea is to prepend a dedicated hook at the auth callout point which for instance implements 'you need a TLS cert AND you need to connect from specific IP' by setting a custom value and configuring RBAC to assign the role from it.
Now at the auth callout point all available information is in the HTTP request object. This can be enough or not. The idea in this ticket is to get more information from the HttpConnection object including the Transaction sub-object. Perhaps it is an illusion as for instance TLS details are not available mainly because the TLS socket depends on the crypto backend...
So I propose to wait for a concrete customer request which can only be solved by such a new callout point.

Remove TLS stream clear operation
https://gitlab.isc.org/isc-projects/kea/-/issues/1798
Updated: 2021-05-14T18:10:29Z
Author: Francis Dupont
Milestone: kea1.9.8
Assignee: Francis Dupont

The idea is to improve the HTTPS client part: currently it relies on the SSL_clear function which is both deeply against the TLS spirit and works only for OpenSSL 1.1.
Related to #1706 and #1665

TLS shutdown
https://gitlab.isc.org/isc-projects/kea/-/issues/1794
Updated: 2022-05-30T11:29:08Z
Author: Francis Dupont
Milestone: outstanding

Related to #1661 and #1706: TLS has a notion of orderly named TLS shutdown we can use or not.

Auth: logged user and command should be printed on dedicated logger
https://gitlab.isc.org/isc-projects/kea/-/issues/1590
Updated: 2021-05-05T16:35:44Z
Author: Tomek Mrugalski
Milestone: kea1.9.8
Assignee: Tomek Mrugalski

As requested by @vicky in https://gitlab.isc.org/isc-projects/stork/-/issues/353#note_164884, we need a dedicated logger. This logger should provide at least two pieces of information: which command was authorized and the username of the user who authorized it.