Feature Request : Add TLS auth support #51

toxic0berliner opened this issue Jul 6, 2023 · 0 comments

Hello,

I wish to be able to pass a user certificate as well as the intermediate (and CA certificates?) for this bouncer to be able to log in to the LAPI using the provided user certificate.
This way it allows auto-accepting and registering the bouncer instead of having to generate an API key or approve the bouncer.

New environment variables could be:

  • CROWDSEC_BOUNCER_CERT_FILE path to the client cert file inside the container (mounted with volume or other secrets mechanisms)
  • CROWDSEC_BOUNCER_KEY_FILE path to the client cert key file inside the container (mounted with volume or other secrets mechanisms)
  • CROWDSEC_CACERT_FILE path to the trust authority signing the server certificate.

I'm not entirely sure why/how, but I was expecting the above proposed CROWDSEC_CACERT_FILE to already be mandatory to use HTTPS for the LAPI when using a custom CA, but somehow this bouncer seems to accept my self-signed CA even though I did not do anything to tell it about my CA... I believe this means somewhere there is something trusting any provided certificate, probably not the best...
