verify server certificate #136

Merged
merged 3 commits into from
Sep 16, 2024


@najohnsn najohnsn commented Sep 16, 2024

This PR provides an enhancement that allows tnz to use the system default certificate store with a new environment variable:

 SESSION_SSL_VERIFY - set to cert or hostname to require verification

Set SESSION_SSL_VERIFY=cert to require that the server provide a trusted certificate.
Set SESSION_SSL_VERIFY=hostname to require that the certificate hostname match the requested hostname.

Also defined a new environment variable, SESSION_SECLEVEL, to replace ZTI_SECLEVEL. The new name is more consistent with other variable names and it allows the user the flexibility to set arbitrary security levels.

@najohnsn najohnsn self-assigned this Sep 16, 2024
@najohnsn najohnsn force-pushed the verify-cert branch 2 times, most recently from 6f3d421 to 282b334 Compare September 16, 2024 18:18
@najohnsn najohnsn force-pushed the verify-cert branch 2 times, most recently from e937afe to c1ba107 Compare September 16, 2024 20:47
Signed-off-by: Neil Johnson <najohnsn@us.ibm.com>
@najohnsn najohnsn marked this pull request as ready for review September 16, 2024 21:06
Signed-off-by: Neil Johnson <najohnsn@us.ibm.com>
Signed-off-by: Neil Johnson <najohnsn@us.ibm.com>
@najohnsn najohnsn merged commit a934485 into main Sep 16, 2024
11 checks passed
@najohnsn najohnsn deleted the verify-cert branch September 16, 2024 22:04
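The two SESSION_SSL_VERIFY settings described in the PR correspond to two distinct checks in Python's `ssl` module: chain validation against the system default store, and host name matching. The sketch below is an added example, not tnz's code; the function names `build_context` and `describe`, the treatment of an unset variable as "no verification", and the rejection of unrecognized values are assumptions of this example.

```python
import os
import ssl


def build_context(env=None):
    """Build a client SSLContext from SESSION_SSL_VERIFY.

    Assumed mapping (illustrative, not taken from the tnz source):
      unset      -> no verification
      "cert"     -> chain must validate against the system default store
      "hostname" -> chain must validate AND the certificate must match
                    the requested host name
    """
    env = os.environ if env is None else env
    mode = env.get("SESSION_SSL_VERIFY", "").strip().lower()

    # PROTOCOL_TLS_CLIENT starts with check_hostname=True and
    # verify_mode=CERT_REQUIRED, so weaker modes must be relaxed explicitly.
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

    if mode == "hostname":
        context.load_default_certs()  # system default trust store
    elif mode == "cert":
        # Trust chain is validated, but any trusted certificate is accepted
        # regardless of the name it was issued for.
        context.check_hostname = False
        context.verify_mode = ssl.CERT_REQUIRED
        context.load_default_certs()
    elif mode == "":
        # check_hostname must be cleared first; ssl raises ValueError if
        # verify_mode is set to CERT_NONE while check_hostname is True.
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE
    else:
        # Example's choice: a misspelled value fails closed instead of
        # silently leaving verification off.
        raise ValueError(f"unrecognized SESSION_SSL_VERIFY value: {mode!r}")
    return context


def describe(context):
    """Return (verify mode name, host name check enabled) for inspection."""
    return (context.verify_mode.name, context.check_hostname)
```

With `cert` alone, a certificate issued by a trusted CA for a different host still passes; only `hostname` binds the certificate to the server that was requested.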
v1gnesh commented Sep 17, 2024

Potentially dumb comment as I haven't looked into this in a focused manner - an option to point to a cert bundle would be handy. This is how (ana/mini)conda, pypi, etc. do it.
