Philip O'Toole
3e84139290
Default to mutual TLS off for node-to-node
2 years ago
Philip O'Toole
27839b53f7
ABL
2 years ago
Philip O'Toole
ff31decd79
CHANGELOG and README
2 years ago
Philip O'Toole
b79ed46924
Cleaner flags
2 years ago
Philip O'Toole
42adb8951b
ABL
2 years ago
Philip O'Toole
42f0eeedf0
Better node mux logging
2 years ago
Philip O'Toole
b9931cbebf
Ignore temp data dirs
2 years ago
Philip O'Toole
cb1b398f76
ABL
2 years ago
Philip O'Toole
68c7bc41b9
Remove deprecated functions
2 years ago
Philip O'Toole
069db5dc05
Unit test TLS config creation
2 years ago
Philip O'Toole
3d31d22de6
Implement -http-verify-client
2 years ago
Philip O'Toole
72b47fa19b
Simpler logic
2 years ago
Philip O'Toole
89c3dfaa2e
Force Joiner to use HTTP/2
2 years ago
Philip O'Toole
afdaa8dc20
Improve comments
2 years ago
Philip O'Toole
d8982d044e
Consolidate TLS config creation
2 years ago
Philip O'Toole
ec939ec383
More ABL
2 years ago
Philip O'Toole
a601801c6d
ABL
2 years ago
Philip O'Toole
bf22fa5743
Even better variable names
2 years ago
Philip O'Toole
f7946502b4
Clearer variable names for HTTP x509
2 years ago
Philip O'Toole
11ed5731d6
Fix up x509 command-line flags
2 years ago
Philip O'Toole
ba39227c93
Move to a single cert-key pair for nodes
2 years ago
Philip O'Toole
50d70b547e
Fix system-level tests
2 years ago
Philip O'Toole
a3fc60b9b5
Fix last TCP dialer test
2 years ago
Philip O'Toole
54e649c341
More TLS unit test fixes
2 years ago
Philip O'Toole
de0d0f63ad
Fix HTTP no-verify of client certs
2 years ago
Philip O'Toole
e3698807a0
Update help
2 years ago
Philip O'Toole
673fd8cade
More use of central TLS config
2 years ago
Philip O'Toole
c8231596ac
Use central TLS config creation
2 years ago
Philip O'Toole
d8cf1ec2e9
Package-level GoDoc
2 years ago
Philip O'Toole
9e1f6c0a76
tls -> rtls
2 years ago
Philip O'Toole
eaeb4bd073
Rename tls package to rtls
2 years ago
Philip O'Toole
306147862a
Centralize TLS config helpers
2 years ago
Philip O'Toole
cf29dd106a
More flag options
2 years ago
Philip O'Toole
da3079bec9
Better flags help
2 years ago
Philip O'Toole
7af5666056
Actually enable inter-node client cert checking
2 years ago
Philip O'Toole
9ce28ca5a1
Fix TLS tests
2 years ago
Philip O'Toole
8225ff838c
Fix mutual TLS testing
...
All certs in chain needed to have ExtKeyUsageClientAuth set.
2 years ago
Philip O'Toole
6dbe180bff
Confirm everything works when verify=false
...
But this isn't affecting the HTTP server, so fails client verification.
HTTP TLS config getting complicated, feels like it needs a dedicated
config object now.
2 years ago
Philip O'Toole
7852b27dcb
mTLS unit tests
...
Client cert not trusted yet.
2 years ago
Philip O'Toole
05a7663a93
Actually enable HTTP client cert verification
2 years ago
Philip O'Toole
39259bca8a
Start mutual TLS testing
...
Lots of boilerplate moving from PEMs, to certs, to bytes. Factor it out.
2 years ago
Philip O'Toole
eab0fc60ee
Fix test
2 years ago
Philip O'Toole
5a7a2f3102
Start testing with on-the-fly certs
2 years ago
Philip O'Toole
828acadb0c
Move HTTP TLS testing to own file
2 years ago
Philip O'Toole
22755d7136
Remove rogue file
2 years ago
Philip O'Toole
fed557c77a
More cleanup
2 years ago
Philip O'Toole
220c3f9243
More tidy-up
2 years ago
Philip O'Toole
197b59d481
Tidy up
2 years ago
Philip O'Toole
be44683dfa
Initial TLS utilities
2 years ago
Philip O'Toole
fdb97ff1ba
Merge pull request #1164 from rqlite/go-120
...
CircleCI testing using Go 1.20
2 years ago