Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enabled SSL in vault #444

Merged
merged 1 commit into from
May 17, 2024
Merged

Enabled SSL in vault #444

merged 1 commit into from
May 17, 2024

Conversation

ashu3103
Copy link
Contributor

@ashu3103 ashu3103 commented May 11, 2024
edited

WORK IN PROGRESS

Main Feature

@jesperpedersen PTAL.

The main objective of this commit is to enable SSL feature for the vault i.e. establishing secure SSL connections between the vault HTTP server and the management port of pgagroal.

@jesperpedersen jesperpedersen self-requested a review May 12, 2024 06:12
@jesperpedersen jesperpedersen added the feature New feature label May 12, 2024
@jesperpedersen
Copy link
Collaborator

@ashu3103 The bug fix should be a separate pull request

@ashu3103
Copy link
Contributor Author

@ashu3103 The bug fix should be a separate pull request

Done!

@ashu3103
Copy link
Contributor Author

Kindly first merge the bug-fix commit then I'll rebase this.

@ashu3103
Copy link
Contributor Author

@jesperpedersen PTAL

jesperpedersen
jesperpedersen requested changes May 14, 2024
View reviewed changes
src/libpgagroal/management.c
@@ -489,6 +489,7 @@ pgagroal_management_get_password(SSL* ssl, int fd, char* username, char* pass)
char buf[4];
int* password_length = NULL;
char password[MAX_PASSWORD_LENGTH];
char buffer[strlen(username) + 4];
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is this 4 ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am sending strlen(username) + username to the remote in the same stream so first 4 bytes are for the length of username string and the last strlen(username) bytes for the username data that's why I have allocated strlen(username)+4 memory.

src/libpgagroal/management.c Outdated Show resolved Hide resolved
src/vault.c Outdated Show resolved Hide resolved
src/vault.c Outdated Show resolved Hide resolved
src/vault.c Outdated Show resolved Hide resolved
@jesperpedersen
Copy link
Collaborator

Aren't you missing the TLS properties in pgagroal-vault.conf for the [main] section ?

@ashu3103
Copy link
Contributor Author

Aren't you missing the TLS properties in pgagroal-vault.conf for the [main] section ?

While going through the code of cli.c and security.c I noticed that the TLS properties of the cli was defined in .pgagroal directory in the home_directory, so I have followed the same for the vault, The cert_file, key_file and root_file for the vault should be provided in .pgagroal directory.

@jesperpedersen
Copy link
Collaborator

Ok, but at least we need documentation for that - so doc/VAULT.md and doc/manual/user-12-vault.md

See doc/DEVELOPERS.md on how to enable the manuals...

@ashu3103
Copy link
Contributor Author

ashu3103 commented May 15, 2024
edited

Ok, but at least we need documentation for that - so doc/VAULT.md and doc/manual/user-12-vault.md

I have added the requirements on how to enable SSL in vault in doc/VAULT.md and doc/manual/user-12-vault.md. Also for now, I have kept the content same.

See doc/DEVELOPERS.md on how to enable the manuals...

I really can't find on how to handle manuals in doc/DEVELOPERS.md.

@ashu3103
Copy link
Contributor Author

Ok, but at least we need documentation for that - so doc/VAULT.md and doc/manual/user-12-vault.md

Can you brief what is the difference between both the files like why are we maintaining both if the content is almost similar as both of these are talking about configurations of vault.

@jesperpedersen
Copy link
Collaborator

Yes, currently the content will be the same - or almost - doc/VAULT.md is online focused, where as doc/manual/user-12-vault.md is focused on somebody who is reading the manual to get to know pgagroal as a whole

See https://github.com/agroal/pgagroal/blob/master/doc/DEVELOPERS.md#generate-user-and-developer-guide to make sure that the manuals are being generated during your build

@jesperpedersen
Copy link
Collaborator

Think of doc/VAULT.md as the guide for an advanced developer to setup the vault, and doc/manual/user-12-vault.md as the guide where step-by-step is needed

jesperpedersen
jesperpedersen requested changes May 16, 2024
View reviewed changes
src/vault.c Outdated Show resolved Hide resolved
@ashu3103
Copy link
Contributor Author

Think of doc/VAULT.md as the guide for an advanced developer to setup the vault, and doc/manual/user-12-vault.md as the guide where step-by-step is needed

Thanks :)

@jesperpedersen jesperpedersen merged commit 5f4cfc4 into agroal:master May 17, 2024
2 checks passed
@jesperpedersen
Copy link
Collaborator

Merged.

Thanks for your contribution !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jesperpedersen jesperpedersen jesperpedersen requested changes

Assignees

@ashu3103 ashu3103

Labels
feature New feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ashu3103 @jesperpedersen