mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00

Improve tls client cert handling

* Improve nginx setup to transfer auth information to the fcgiwrap
  backend.
* Add instructions for creating client certs for testing.
* Add debug output to see if and which client cert has been used when
  calling the csaf_provider.go.
Bernhard Reiter 2022-02-15 18:20:24 +01:00
parent a71f490999
commit 2905a30cc0
No known key found for this signature in database
GPG key ID: 2B7BA3BF9BC3A554
4 changed files with 98 additions and 16 deletions

@ -46,6 +46,10 @@ location /cgi-bin/ {
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param CSAF_CONFIG /usr/lib/csaf/config.toml;
fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
fastcgi_param SSL_CLIENT_I_DN $ssl_client_i_dn;
}
```
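Review bot: Missing documentation on how the backend must interpret the SSL_CLIENT_* params passed at the end of the `location /cgi-bin/` block. nginx sets `$ssl_client_verify` to `NONE` or `FAILED:reason` as well as `SUCCESS`, and `SSL_CLIENT_S_DN` / `SSL_CLIENT_I_DN` only describe the presented certificate; they are not proof that it was accepted. Suggest adding a sentence after this block stating that the provider should treat a request as client-cert authenticated only when `SSL_CLIENT_VERIFY` is exactly `SUCCESS`, and should use the DNs for identification or logging only after that check.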
@ -54,6 +58,8 @@ Add to `/etc/nginx/sites-enabled/default`:
```
server {
root /usr/share/nginx/html;
location / {
# Other config
# ...
@ -74,7 +80,7 @@ server {
Place the binary under `/usr/lib/cgi-bin/csaf_provider.go`.
Make sure `/usr/lib/cgi-bin/` exists.
Create configuarion file under `/usr/lib/csaf/config.toml`:
Create configuration file under `/usr/lib/csaf/config.toml`:
```
# upload_signature = true
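Review bot: Style point on the context around the typo fix: the first line of this hunk tells the reader to place the binary at `/usr/lib/cgi-bin/csaf_provider.go`, and a `.go` suffix on a compiled executable reads as a source file. If the name is intentional, a short remark saying so would help; otherwise consider dropping the suffix in a follow-up. The corrected sentence would also read better as "Create the configuration file under `/usr/lib/csaf/config.toml`:".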