Skip to content

tls-context: add ignore-validity-period option for TLS #4642

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 2, 2023
Merged

tls-context: add ignore-validity-period option for TLS #4642

merged 2 commits into from
Oct 2, 2023

Conversation

CedricArickx
Copy link
Contributor

In some cases you want to verify the ssl certificate authenticity but don't care about the validity period. For example when working in a system without an NTP server.
Currently there is no way to do this except for simply not verifying the certificate at all.

This option disables the ssl validity period check, but still does all other verification steps.

@kira-syslogng
Copy link
Contributor

This user does not have permission to start the build. Can one of the admins verify this patch and start the build?
(admin: you have the next options (make sure you checked the code):
"ok to test" to accept this pull request (and further changes) for testing
"test this please" for a one time test run
"add to whitelist" add author of a Pull Request to whitelist (globally, be careful, it means this user can trigger kira for any PR)
do nothing -> CI won't start)

1 similar comment
@kira-syslogng
Copy link
Contributor

This user does not have permission to start the build. Can one of the admins verify this patch and start the build?
(admin: you have the next options (make sure you checked the code):
"ok to test" to accept this pull request (and further changes) for testing
"test this please" for a one time test run
"add to whitelist" add author of a Pull Request to whitelist (globally, be careful, it means this user can trigger kira for any PR)
do nothing -> CI won't start)

@bazsi
Copy link
Collaborator

bazsi commented Sep 22, 2023

@kira-syslogng ok to test;

@CedricArickx
Copy link
Contributor Author

Hi @bazsi, is there anything I need to change in this PR to make it pass this one failing check?

bazsi
bazsi previously approved these changes Sep 29, 2023
View reviewed changes
CedricArickx and others added 2 commits October 2, 2023 06:37
@CedricArickx @bazsi
tls-context: add ignore-validity-period option for TLS
c880156 
In some cases you want to verify the ssl certificate authenticity
but don't care about the validity period. For example when working
in a system without an NTP server.
Currently there is no way to do this except for simply not verifying
the certificate at all.

This option disables the ssl validity period check,
but still does all other verification steps.

Signed-off-by: Cedric Arickx <cedric.arickx@gmail.com>
@bazsi
news: added news entry for #4642
d21ee55 
Signed-off-by: Balazs Scheidler <balazs.scheidler@axoflow.com>
@bazsi
Copy link
Collaborator

bazsi commented Oct 2, 2023

I've rebased this branch and added a NEWS entry, and also added some more detail in the log message. With those changes I am ready to merge this once the tests run and they are green.

@MrAnno
Copy link
Collaborator

MrAnno commented Oct 2, 2023

Thank you.

@MrAnno MrAnno merged commit f255743 into syslog-ng:master Oct 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
2 more reviewers

@MrAnno MrAnno MrAnno approved these changes

@bazsi bazsi bazsi left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@CedricArickx @kira-syslogng @bazsi @MrAnno