tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ciphers: improve option naming

Browse Source 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler 2022-01-13 10:54:40 +01:00
parent f37167aeff
commit 5ee8dd784f
3 changed files with 24 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/api2/node/config.rs
View File

@ -56,10 +56,12 @@ pub enum DeletableProperty {
http_proxy, http_proxy,
/// Delete the email-from property. /// Delete the email-from property.
email_from, email_from,
/// Delete the ciphers-tls13 property. /// Delete the ciphers-tls-1.3 property.
ciphers_tls13, #[serde(rename="ciphers-tls-1.3")]
/// Delete the ciphers-tls12 property. ciphers_tls_1_3,
ciphers_tls12, /// Delete the ciphers-tls-1.2 property.
#[serde(rename="ciphers-tls-1.2")]
ciphers_tls_1_2,
} }
#[api( #[api(
@ -117,8 +119,8 @@ pub fn update_node_config(
DeletableProperty::acmedomain4 => { config.acmedomain4 = None; }, DeletableProperty::acmedomain4 => { config.acmedomain4 = None; },
DeletableProperty::http_proxy => { config.http_proxy = None; }, DeletableProperty::http_proxy => { config.http_proxy = None; },
DeletableProperty::email_from => { config.email_from = None; }, DeletableProperty::email_from => { config.email_from = None; },
DeletableProperty::ciphers_tls13 => { config.ciphers_tls13 = None; }, DeletableProperty::ciphers_tls_1_3 => { config.ciphers_tls_1_3 = None; },
DeletableProperty::ciphers_tls12 => { config.ciphers_tls12 = None; }, DeletableProperty::ciphers_tls_1_2 => { config.ciphers_tls_1_2 = None; },
} }
} }
} }
@ -131,8 +133,8 @@ pub fn update_node_config(
if update.acmedomain4.is_some() { config.acmedomain4 = update.acmedomain4; } if update.acmedomain4.is_some() { config.acmedomain4 = update.acmedomain4; }
if update.http_proxy.is_some() { config.http_proxy = update.http_proxy; } if update.http_proxy.is_some() { config.http_proxy = update.http_proxy; }
if update.email_from.is_some() { config.email_from = update.email_from; } if update.email_from.is_some() { config.email_from = update.email_from; }
if update.ciphers_tls13.is_some() { config.ciphers_tls13 = update.ciphers_tls13; } if update.ciphers_tls_1_3.is_some() { config.ciphers_tls_1_3 = update.ciphers_tls_1_3; }
if update.ciphers_tls12.is_some() { config.ciphers_tls12 = update.ciphers_tls12; } if update.ciphers_tls_1_2.is_some() { config.ciphers_tls_1_2 = update.ciphers_tls_1_2; }
crate::config::node::save_config(&config)?; crate::config::node::save_config(&config)?;

8
src/bin/proxmox-backup-proxy.rs
View File

@ -343,14 +343,14 @@ fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
let cert_path = configdir!("/proxy.pem"); let cert_path = configdir!("/proxy.pem");
let (config, _) = proxmox_backup::config::node::config()?; let (config, _) = proxmox_backup::config::node::config()?;
let ciphers_tls13 = config.ciphers_tls13; let ciphers_tls_1_3 = config.ciphers_tls_1_3;
let ciphers_tls12 = config.ciphers_tls12; let ciphers_tls_1_2 = config.ciphers_tls_1_2;
let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap(); let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
if let Some(ciphers) = ciphers_tls13.as_deref() { if let Some(ciphers) = ciphers_tls_1_3.as_deref() {
acceptor.set_ciphersuites(ciphers)?; acceptor.set_ciphersuites(ciphers)?;
} }
if let Some(ciphers) = ciphers_tls12.as_deref() { if let Some(ciphers) = ciphers_tls_1_2.as_deref() {
acceptor.set_cipher_list(ciphers)?; acceptor.set_cipher_list(ciphers)?;
} }
acceptor.set_private_key_file(key_path, SslFiletype::PEM) acceptor.set_private_key_file(key_path, SslFiletype::PEM)

20
src/config/node.rs
View File

@ -92,11 +92,11 @@ pub struct AcmeConfig {
schema: EMAIL_SCHEMA, schema: EMAIL_SCHEMA,
optional: true, optional: true,
}, },
"ciphers-tls13": { "ciphers-tls-1.3": {
schema: OPENSSL_CIPHERS_TLS_1_3_SCHEMA, schema: OPENSSL_CIPHERS_TLS_1_3_SCHEMA,
optional: true, optional: true,
}, },
"ciphers-tls12": { "ciphers-tls-1.2": {
schema: OPENSSL_CIPHERS_TLS_1_2_SCHEMA, schema: OPENSSL_CIPHERS_TLS_1_2_SCHEMA,
optional: true, optional: true,
}, },
@ -131,13 +131,13 @@ pub struct NodeConfig {
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub email_from: Option<String>, pub email_from: Option<String>,
/// List of SSL ciphers for tls 1.3 that will be used by the proxy. (Proxy has to be restarted for changes to take effect) /// List of TLS ciphers for TLS 1.3 that will be used by the proxy. (Proxy has to be restarted for changes to take effect)
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none", rename="ciphers-tls-1.3")]
pub ciphers_tls13: Option<String>, pub ciphers_tls_1_3: Option<String>,
/// List of SSL ciphers for tls <= 1.2 that will be used by the proxy. (Proxy has to be restarted for changes to take effect) /// List of TLS ciphers for TLS <= 1.2 that will be used by the proxy. (Proxy has to be restarted for changes to take effect)
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none", rename="ciphers-tls-1.2")]
pub ciphers_tls12: Option<String>, pub ciphers_tls_1_2: Option<String>,
} }
impl NodeConfig { impl NodeConfig {
@ -190,10 +190,10 @@ impl NodeConfig {
} }
} }
let mut dummy_acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap(); let mut dummy_acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
if let Some(ciphers) = self.ciphers_tls13.as_deref() { if let Some(ciphers) = self.ciphers_tls_1_3.as_deref() {
dummy_acceptor.set_ciphersuites(ciphers)?; dummy_acceptor.set_ciphersuites(ciphers)?;
} }
if let Some(ciphers) = self.ciphers_tls12.as_deref() { if let Some(ciphers) = self.ciphers_tls_1_2.as_deref() {
dummy_acceptor.set_cipher_list(ciphers)?; dummy_acceptor.set_cipher_list(ciphers)?;
} }