* [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate
@ 2024-10-30 13:44 Maximiliano Sandoval
2024-10-30 13:44 ` [pve-devel] [PATCH manager 2/2] api: node: index: use standard fingerprint-sha256 option Maximiliano Sandoval
2024-10-31 12:34 ` [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate Fabian Grünbichler
0 siblings, 2 replies; 4+ messages in thread
From: Maximiliano Sandoval @ 2024-10-30 13:44 UTC (permalink / raw)
To: pve-devel
The function internally calls
PVE::Certificate::get_certificate_fingerprint which in turn calls:
```
my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
```
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
PVE/API2/Nodes.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
index e8ff6dd9..1db148af 100644
--- a/PVE/API2/Nodes.pm
+++ b/PVE/API2/Nodes.pm
@@ -2567,7 +2567,7 @@ __PACKAGE__->register_method ({
renderer => 'duration',
},
ssl_fingerprint => {
- description => "The SSL fingerprint for the node certificate.",
+ description => "The SSL SHA-256 fingerprint for the node certificate.",
type => 'string',
optional => 1,
},
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread* [pve-devel] [PATCH manager 2/2] api: node: index: use standard fingerprint-sha256 option
2024-10-30 13:44 [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate Maximiliano Sandoval
@ 2024-10-30 13:44 ` Maximiliano Sandoval
2024-10-30 13:58 ` Maximiliano Sandoval
2024-10-31 12:34 ` [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate Fabian Grünbichler
1 sibling, 1 reply; 4+ messages in thread
From: Maximiliano Sandoval @ 2024-10-30 13:44 UTC (permalink / raw)
To: pve-devel
This adds a regex check for valid fingerprints.
Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
Diferences from v1:
- Use get_standard_option
PVE/API2/Nodes.pm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
index 1db148af..8dddf58b 100644
--- a/PVE/API2/Nodes.pm
+++ b/PVE/API2/Nodes.pm
@@ -2566,11 +2566,10 @@ __PACKAGE__->register_method ({
optional => 1,
renderer => 'duration',
},
- ssl_fingerprint => {
+ ssl_fingerprint => get_standard_option('fingerprint-sha256', {
description => "The SSL SHA-256 fingerprint for the node certificate.",
- type => 'string',
optional => 1,
- },
+ }),
},
},
links => [ { rel => 'child', href => "{node}" } ],
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate
2024-10-30 13:44 [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate Maximiliano Sandoval
2024-10-30 13:44 ` [pve-devel] [PATCH manager 2/2] api: node: index: use standard fingerprint-sha256 option Maximiliano Sandoval
@ 2024-10-31 12:34 ` Fabian Grünbichler
1 sibling, 0 replies; 4+ messages in thread
From: Fabian Grünbichler @ 2024-10-31 12:34 UTC (permalink / raw)
To: Proxmox VE development discussion
On October 30, 2024 2:44 pm, Maximiliano Sandoval wrote:
> The function internally calls
> PVE::Certificate::get_certificate_fingerprint which in turn calls:
>
> ```
> my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
> ```
>
> Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
> ---
> PVE/API2/Nodes.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
> index e8ff6dd9..1db148af 100644
> --- a/PVE/API2/Nodes.pm
> +++ b/PVE/API2/Nodes.pm
> @@ -2567,7 +2567,7 @@ __PACKAGE__->register_method ({
> renderer => 'duration',
> },
> ssl_fingerprint => {
> - description => "The SSL fingerprint for the node certificate.",
> + description => "The SSL SHA-256 fingerprint for the node certificate.",
what is an "SSL SHA-256 fingerprint"? the original was already bad, but
this made it worse..
the standard option has "Certificate SHA 256 fingerprint" as
description, IMHO that would already be quite okay here? after all, if
there is only a single fingerprint returned per node, it's quite clear
which certificate it belongs to?
or if you want to make it more specific, then use something like
"The SHA-256 fingerprint of the node's TLS certificate"
> type => 'string',
> optional => 1,
> },
> --
> 2.39.5
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-10-31 12:35 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-30 13:44 [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate Maximiliano Sandoval
2024-10-30 13:44 ` [pve-devel] [PATCH manager 2/2] api: node: index: use standard fingerprint-sha256 option Maximiliano Sandoval
2024-10-30 13:58 ` Maximiliano Sandoval
2024-10-31 12:34 ` [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate Fabian Grünbichler
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.