Jeff Mitchell
f7147025dd
Migrate to sdk/internalshared libs in go-secure-stdlib ( #12090 )
...
* Swap sdk/helper libs to go-secure-stdlib
* Migrate to go-secure-stdlib reloadutil
* Migrate to go-secure-stdlib kv-builder
* Migrate to go-secure-stdlib gatedwriter
2021-07-15 20:17:31 -04:00
Lars Lehtonen
42759b5a5f
command: deprecate errwrap.Wrapf() ( #11744 )
2021-06-02 09:22:31 -04:00
Brian Kassouf
303c2aee7c
Run a more strict formatter over the code ( #11312 )
...
* Update tooling
* Run gofumpt
* go mod vendor
2021-04-08 09:43:39 -07:00
Brian Kassouf
84dbca38a1
Revert "Migrate internalshared out ( #9727 )" ( #10141 )
...
This reverts commit ee6391b691ac12ab6ca13c3912404f1d3a842bd6.
2020-10-13 16:38:21 -07:00
Jeff Mitchell
e6881c8147
Migrate internalshared out ( #9727 )
...
* Migrate internalshared out
* fix merge issue
* fix merge issue
* go mod vendor
Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
2020-10-12 11:56:24 -07:00
Jeff Mitchell
1d3d89e2aa
Create configutil and move some common config and setup functions there ( #8362 )
2020-05-14 09:19:27 -04:00
Jeff Mitchell
844b2c3a5d
Bump API/SDK and adapt to move from SDK stuff
2020-02-15 14:58:05 -05:00
Jeff Mitchell
86327b8010
Bump api/sdk and fix imports
2020-02-13 10:41:16 -05:00
Vishal Nayak
f7907c2809
Agent: Listener refactoring and socket file system permissions ( #6397 )
...
* Listener refactoring and file system permissions
* added listenerutil and move some common code there
* Added test for verifying socket file permissions
* Change default port of agent to 8200
* address review feedback
* Address review feedback
* Read socket options from listener config
2019-03-14 11:53:14 -07:00
Michel Vocks
f2d022ac20
Print warning when 'tls_cipher_suites' includes blacklisted cipher suites ( #6300 )
...
* Implemented a warning when tls_cipher_suites includes only cipher suites which are not supprted by the HTTP/2 spec
* Added test for cipher suites
* Added hard fail on startup when all defined cipher suites are blacklisted. Added warning when some ciphers are blacklisted.
* Replaced hard failure with warning. Removed bad cipher util function and replaced it by external library.
* Added missing dependency. Fixed renaming of package name.
2019-03-01 16:48:06 +01:00
Vishal Nayak
feb235d5f8
Vault Agent Cache ( #6220 )
...
* vault-agent-cache: squashed 250+ commits
* Add proper token revocation validations to the tests
* Add more test cases
* Avoid leaking by not closing request/response bodies; add comments
* Fix revoke orphan use case; update tests
* Add CLI test for making request over unix socket
* agent/cache: remove namespace-related tests
* Strip-off the auto-auth token from the lookup response
* Output listener details along with configuration
* Add scheme to API address output
* leasecache: use IndexNameLease for prefix lease revocations
* Make CLI accept the fully qualified unix address
* export VAULT_AGENT_ADDR=unix://path/to/socket
* unix:/ to unix://
2019-02-14 20:10:36 -05:00
Shelby Moore
f8e1f82225
Updated proxy protocol config validation ( #4528 )
2018-05-09 10:53:44 -04:00
Vishal Nayak
28e3eb9e2c
Errwrap everywhere ( #4252 )
...
* package api
* package builtin/credential
* package builtin/logical
* package command
* package helper
* package http and logical
* package physical
* package shamir
* package vault
* package vault
* address feedback
* more fixes
2018-04-05 11:49:21 -04:00
Bharath B
699f9246e6
Config parameter "tls_disable_client_certs" is wrongly evaluated. ( #4049 )
2018-02-28 10:07:23 -05:00
Chris Hoffman
164849f056
Add support for encrypted TLS key files ( #3685 )
2017-12-15 17:33:55 -05:00
Jeff Mitchell
17a15cd594
Add option to disable client certificate requesting. ( #3373 )
...
Fixes #3372
2017-09-25 14:41:46 -04:00
Doyoon Kim
3ffebb7780
Moved PROXY protocol wrap to execute before the TLS wrap ( #3195 )
2017-08-23 12:00:09 -04:00
Gobin Sougrakpam
8e01c994bf
tls_client_ca_file option for verifying client ( #3034 )
2017-08-03 07:33:06 -04:00
Jeff Mitchell
1bfc6d4fe7
Add a -dev-three-node option for devs. ( #3081 )
2017-07-31 11:28:06 -04:00
Jeff Mitchell
d55d75a79f
Convert listener arguments to map[string]interface{} ( #2905 )
...
This allows people to use more natural constructs, e.g. for tls_disable
it can be a bool, int, or string.
2017-06-22 20:29:53 +01:00
Jeff Mitchell
5d760d4090
Add option to require valid client certificates ( #2457 )
2017-03-08 10:21:31 -05:00
Roman Vynar
1615280efa
Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener ( #2293 )
2017-01-23 13:48:35 -05:00
Jeff Mitchell
85315ff188
Rejig where the reload functions live
2016-09-30 00:07:22 -04:00
Jeff Mitchell
3ec81debe7
Trim leading/trailing space around PEM bundles.
...
Fixes #1634
2016-07-20 13:57:49 -04:00
vishalnayak
f34f0ef503
Make 'tls_min_version' configurable
2016-07-12 19:32:47 -04:00
Jeff Mitchell
0d9ea2a1a1
Initial Atlas listener implementation
2016-06-02 14:05:47 -04:00
Jeff Mitchell
84af6ec8ac
Don't generate an ID; use address for the ID. Generally speaking we'll need to sane against what's in the config
2016-03-11 17:28:03 -05:00
Jeff Mitchell
996c584192
Don't inline factory
2016-03-11 17:02:44 -05:00
Jeff Mitchell
d75ce9de9b
Retool to have reloading logic run in command/server
2016-03-11 16:47:03 -05:00
Jeff Mitchell
baf0763b3c
Add reload capability for Vault listener certs. No tests (other than
...
manual) yet, and no documentation yet.
2016-03-11 14:05:52 -05:00
Armon Dadgar
985717b428
server: sanity check value for 'tls_disable'
2015-11-25 11:37:57 -08:00
Armon Dadgar
ae28087f67
server: import sha512. Fixes #448
2015-07-23 13:51:45 -07:00
Karl Gutwin
1096f5a53e
Avoid unnecessary abbreviation
2015-07-22 23:28:46 -04:00
Karl Gutwin
2e81d9047d
Allow specifying a TLS minimum version
2015-07-22 23:19:41 -04:00
Armon Dadgar
268db24819
command/listener: Request TLS client cert. Fixes #214
2015-05-20 16:01:40 -07:00
Armon Dadgar
770116b8e9
command: Set minimum TLS version to 1.2
2015-04-13 19:09:44 -07:00
Mitchell Hashimoto
afc71d2a7b
command/server: cleaner output
2015-04-04 12:06:41 -07:00
Mitchell Hashimoto
393c6c6c20
command/server: support TLS
2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
61224ce312
command/server: tcp listener
2015-03-13 12:53:08 -07:00