Cedric Staub
Cedric Staub
This should be good now. Please re-open if it's now.
This is kinda possible now (on latest master) using OPA policies & reloading. You'll have to translate your flags into a policy file, but after that you can edit the...
Will do. Docs on OPA policies are here for anyone who's interested in this feature: https://github.com/ghostunnel/ghostunnel/blob/master/docs/ACCESS-FLAGS.md
Latest release of Ghostunnel uses spiffe/go-spiffe v2.1.1 now. Is there anything else that needs to be done for this?
Should be in Homebrew now: https://formulae.brew.sh/formula/ghostunnel Thanks to whoever submitted this!
We don't support `verify` on cert requests (CSRs) at the moment, only on (issued) certificates. We should probably fix the output/error handling though. Out of curiosity, what kind of verification...
Neat. Sidenote that FTPS can be implicit/explicit. Also some servers do weird nonsense like using the same TLS session across both control/data TCP connections.
Yeah, that'd nice. We could get it for free if we migrate to using kingpin for flags, I think.
Hi @stefanberger, that code looks pretty good! Instead of testing with a live KMIP server, maybe just mock out those parts of it? Then we can at least test the...
I was thinking we could mock out the client library itself, not the server, so it just tests the code in go-jose. But actually that might be tricky too, not...