#7027 Use TLS for cert-find
Closed: fixed 6 years ago Opened 6 years ago by cheimes.

Follow-up ticket for #6966

cert-find has been modified to use HTTP on port 80/TCP instead of 8080/TCP. We should avoid plain HTTP and use HTTPS everywhere. It's not just a matter of privacy protection but also integrity protection. We should consider any network except localhost as untrusted.

There are just a few cases where unprotected communication is necessary or unavoidable: CRL download, OCSP status requests, CA bootstrapping, and AIA chasing. In all but the CA bootstrapping case, integrity is ensured by signatures or similar means.


Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.6

6 years ago

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.6.1 (was: FreeIPA 4.6)

6 years ago

Metadata Update from @rcritten:
- Issue assigned to rcritten

6 years ago

Metadata Update from @fbarreto:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1042

6 years ago

master:

  • fa61812 Use TLS for the cert-find operation

ipa-4-6:

  • 52a18de Use TLS for the cert-find operation

Metadata Update from @stlaz:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 years ago
