bareos: master 26ae9991
| Author | Committer | Branch | Timestamp | Parent | |
|---|---|---|---|---|---|
| master | 2013-05-04 21:11 | master dff7954e | Pending | ||
| Affected Issues | 0000122: Allow for relaxed TLS configuration. | ||||
| Changeset | Allow for relaxed TLS configuration. Current the verify_peer flag is hardcoded to true for the console programs. It would be nice if we would allow a somewhat relaxed TLS mode that allows to establish a TLS connection without the need for very strict certificate checking which is done now. The default setting is the same as before but the administrator can relax this setting by setting the "TLS Verify Peer" option to false in a definition of the client connection. This doesn't have severe security implications as the authorization with challenge response (md5 hashes) is done before the TLS handshake. So this means you can have the same security as a non TLS connection but with a relaxed config which means you get a encrypted datastream even when you haven't put the whole certificate enrollment in place e.g. CA certificate and potentially client certificates. Protocols like LDAPS and ESMTP also allow this. This is also the first version of the GNUTLS code that allows an TLS encrypted session with the GNUTLS library as a replacement for the openssl code. This currently is only tested with the relaxed TLS configuration options set e.g. TLS Verify Peer = no Fixes 0000122: Allow for relaxed TLS configuration. |
||||
| mod - src/stored/stored_conf.h | Diff File | ||||
| mod - src/qt-console/bcomm/dircomm.cpp | Diff File | ||||
| mod - src/qt-console/bat_conf.h | Diff File | ||||
| mod - src/qt-console/bat_conf.cpp | Diff File | ||||
| mod - src/lib/tls_openssl.c | Diff File | ||||
| mod - src/lib/tls_nss.c | Diff File | ||||
| mod - src/lib/tls_gnutls.c | Diff File | ||||
| mod - src/filed/filed_conf.h | Diff File | ||||
| mod - src/filed/filed_conf.c | Diff File | ||||
| mod - src/filed/filed.c | Diff File | ||||
| mod - src/dird/dird_conf.h | Diff File | ||||
| mod - src/console/console_conf.h | Diff File | ||||
| mod - src/console/console_conf.c | Diff File | ||||
| mod - src/console/console.c | Diff File | ||||
| mod - autoconf/configure.in | Diff File | ||||
