
Enabled SSL in vault

Open ashu3103 opened this issue 9 months ago • 1 comments

WORK IN PROGRESS

Main Feature

@jesperpedersen PTAL.

The main objective of this commit is to enable the SSL feature for the vault, i.e. establishing secure SSL connections between the vault HTTP server and the management port of pgagroal.

Bug Fix

There is also a bug fix in this commit -

Now (up till the latest commit), if we try to connect remotely to the management port from the cli, it will give the error --> Segmentation fault (core dumped), because at line number 706 in cli.c:

if (pgagroal_connect(host, atoi(port), &socket, config->keep_alive, config->non_blocking, &config->buffer_size, config->nodelay))

we were passing extra arguments to pgagroal_connect which come from config, which was not defined for the remote connection sequence of execution as per the latest code.

So currently, remote connection functionality won't work!!

ashu3103 May 11 '24 21:05

@ashu3103 The bug fix should be a separate pull request

jesperpedersen May 12 '24 06:05

@ashu3103 The bug fix should be a separate pull request

Done!

ashu3103 May 13 '24 17:05

Kindly first merge the bug-fix commit, then I'll rebase this.

ashu3103 May 13 '24 17:05

@jesperpedersen PTAL

ashu3103 May 13 '24 21:05

Aren't you missing the TLS properties in pgagroal-vault.conf for the [main] section ?

jesperpedersen May 14 '24 11:05

Aren't you missing the TLS properties in pgagroal-vault.conf for the [main] section ?

While going through the code of cli.c and security.c, I noticed that the TLS properties of the cli were defined in the .pgagroal directory in the home_directory, so I have followed the same for the vault. The cert_file, key_file and root_file for the vault should be provided in the .pgagroal directory.

ashu3103 May 14 '24 13:05

Ok, but at least we need documentation for that - so doc/VAULT.md and doc/manual/user-12-vault.md

See doc/DEVELOPERS.md on how to enable the manuals...

jesperpedersen May 14 '24 15:05

Ok, but at least we need documentation for that - so doc/VAULT.md and doc/manual/user-12-vault.md

I have added the requirements on how to enable SSL in the vault in doc/VAULT.md and doc/manual/user-12-vault.md. Also, for now, I have kept the content the same.

See doc/DEVELOPERS.md on how to enable the manuals...

I really can't find how to handle manuals in doc/DEVELOPERS.md.

ashu3103 May 15 '24 14:05

Ok, but at least we need documentation for that - so doc/VAULT.md and doc/manual/user-12-vault.md

Can you briefly explain what the difference between the two files is, i.e. why we are maintaining both if the content is almost the same, as both of them talk about the configuration of the vault?

ashu3103 May 15 '24 14:05

Yes, currently the content will be the same - or almost - doc/VAULT.md is online focused, whereas doc/manual/user-12-vault.md is focused on somebody who is reading the manual to get to know pgagroal as a whole

See https://github.com/agroal/pgagroal/blob/master/doc/DEVELOPERS.md#generate-user-and-developer-guide to make sure that the manuals are being generated during your build

jesperpedersen May 15 '24 14:05

Think of doc/VAULT.md as the guide for an advanced developer to set up the vault, and doc/manual/user-12-vault.md as the guide where step-by-step is needed

jesperpedersen May 15 '24 14:05

Think of doc/VAULT.md as the guide for an advanced developer to set up the vault, and doc/manual/user-12-vault.md as the guide where step-by-step is needed

Thanks :)

ashu3103 May 16 '24 20:05

Merged.

Thanks for your contribution !

jesperpedersen May 17 '24 13:05