[nrpe/ssl] manage ssl protocols even if ssl authentication is unused #60
Conversation
ymartin-ovh
force-pushed
the
dev/yannick.martin/ssl-cert-not-required
branch
11 times, most recently
from
80279f6 to
574e241
Compare
|
Hello @smortex / @bastelfreak / @alexjfisher I submit this patch to allow nagios ssl tuning even if we don't want to use ssl authentication. Regards |
|
Hello Do I need to fix something ? Regards |
manifests/params.pp
Outdated
| 'DHE-RSA-AES256-SHA256', | ||
| 'DHE-RSA-AES256-SHA256' |
There was a problem hiding this comment.
This does not look right. I would expect CI to catch this (we want trailing comas)… weird… can you revert it?
| group => $nrpe::nrpe_group, | ||
| mode => '0640', | ||
| content => $nrpe::ssl_privatekey_file_content, | ||
| if $nrpe::ssl_cert_file_content { |
There was a problem hiding this comment.
The condition being on $nrpe::ssl_cert_file_content only looks odd. Regarding TLS in general, I would expect that either CA+Cert+Key are provided or none of them, and anything else is invalid and raise an error. Some systems might have an optional CA / CRL. Here the certificate without a key looks odd.
There was a problem hiding this comment.
I simply move if condition check from parent file to this one.
… unused enable ADH to address issue with openssl-1.1 and default module SSL cipher suite
ymartin-ovh
force-pushed
the
dev/yannick.martin/ssl-cert-not-required
branch
from
574e241 to
0a433be
Compare
|
Hello, Is there anything against this contrib ? Regards |
Pull Request (PR) description
I want to be able to configure ssl protocol settings even if I don't use ssl cert authentication.
SSL directive can be included all time even if daemon is started with no-ssl flag.
This Pull Request (PR) fixes the following issues