From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 2A8C31FF13A for ; Wed, 27 May 2026 14:52:27 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id D97441C035; Wed, 27 May 2026 14:52:23 +0200 (CEST) From: Shannon Sterz To: pdm-devel@lists.proxmox.com Subject: [PATCH datacenter-manager 1/6] server: api: certificates: allow anybody to query the certificate info Date: Wed, 27 May 2026 14:52:12 +0200 Message-ID: <20260527125217.260760-2-s.sterz@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260527125217.260760-1-s.sterz@proxmox.com> References: <20260527125217.260760-1-s.sterz@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1779886313121 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.111 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [certificates.rs] Message-ID-Hash: V2PEX7IMUBSOKIA44UJBPJ5CQKIN6G5S X-Message-ID-Hash: V2PEX7IMUBSOKIA44UJBPJ5CQKIN6G5S X-MailFrom: s.sterz@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Datacenter Manager development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: this isn't really secret information as ever TLS connection to the host will expose the certificate anyway. however, being able to query this information from the web ui allows some usability improvements. as it is currently not possible to query the TLS fingerprint of the pdm host itself otherwise. Signed-off-by: Shannon Sterz --- server/src/api/nodes/certificates.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/api/nodes/certificates.rs b/server/src/api/nodes/certificates.rs index fc12e47..61e6bf9 100644 --- a/server/src/api/nodes/certificates.rs +++ b/server/src/api/nodes/certificates.rs @@ -60,7 +60,7 @@ fn get_certificate_info() -> Result { }, }, access: { - permission: &Permission::Privilege(&["system", "certificates"], PRIV_SYS_AUDIT, false), + permission: &Permission::Anybody, }, returns: { type: Array, -- 2.47.3