public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
* [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate
@ 2024-10-30 13:44 Maximiliano Sandoval
  2024-10-30 13:44 ` [pve-devel] [PATCH manager 2/2] api: node: index: use standard fingerprint-sha256 option Maximiliano Sandoval
  2024-10-31 12:34 ` [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate Fabian Grünbichler
  0 siblings, 2 replies; 7+ messages in thread
From: Maximiliano Sandoval @ 2024-10-30 13:44 UTC (permalink / raw)
  To: pve-devel

The function internally calls
PVE::Certificate::get_certificate_fingerprint which in turn calls:

```
    my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
```

Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
 PVE/API2/Nodes.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
index e8ff6dd9..1db148af 100644
--- a/PVE/API2/Nodes.pm
+++ b/PVE/API2/Nodes.pm
@@ -2567,7 +2567,7 @@ __PACKAGE__->register_method ({
 		    renderer => 'duration',
 		},
 		ssl_fingerprint => {
-		    description => "The SSL fingerprint for the node certificate.",
+		    description => "The SSL SHA-256 fingerprint for the node certificate.",
 		    type => 'string',
 		    optional => 1,
 		},
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [pve-devel] [PATCH manager 2/2] api: node: index: use standard fingerprint-sha256 option
  2024-10-30 13:44 [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate Maximiliano Sandoval
@ 2024-10-30 13:44 ` Maximiliano Sandoval
  2024-10-30 13:58   ` Maximiliano Sandoval
  2024-10-31 12:34 ` [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate Fabian Grünbichler
  1 sibling, 1 reply; 7+ messages in thread
From: Maximiliano Sandoval @ 2024-10-30 13:44 UTC (permalink / raw)
  To: pve-devel

This adds a regex check for valid fingerprints.

Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---

Diferences from v1:
 - Use get_standard_option

 PVE/API2/Nodes.pm | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
index 1db148af..8dddf58b 100644
--- a/PVE/API2/Nodes.pm
+++ b/PVE/API2/Nodes.pm
@@ -2566,11 +2566,10 @@ __PACKAGE__->register_method ({
 		    optional => 1,
 		    renderer => 'duration',
 		},
-		ssl_fingerprint => {
+		ssl_fingerprint => get_standard_option('fingerprint-sha256', {
 		    description => "The SSL SHA-256 fingerprint for the node certificate.",
-		    type => 'string',
 		    optional => 1,
-		},
+		}),
 	    },
 	},
 	links => [ { rel => 'child', href => "{node}" } ],
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [pve-devel] [PATCH manager 2/2] api: node: index: use standard fingerprint-sha256 option
  2024-10-30 13:44 ` [pve-devel] [PATCH manager 2/2] api: node: index: use standard fingerprint-sha256 option Maximiliano Sandoval
@ 2024-10-30 13:58   ` Maximiliano Sandoval
  0 siblings, 0 replies; 7+ messages in thread
From: Maximiliano Sandoval @ 2024-10-30 13:58 UTC (permalink / raw)
  To: Maximiliano Sandoval; +Cc: pve-devel


Maximiliano Sandoval <m.sandoval@proxmox.com> writes:

I forgot to mark this as v2.

> This adds a regex check for valid fingerprints.
>
> Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate
  2024-10-30 13:44 [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate Maximiliano Sandoval
  2024-10-30 13:44 ` [pve-devel] [PATCH manager 2/2] api: node: index: use standard fingerprint-sha256 option Maximiliano Sandoval
@ 2024-10-31 12:34 ` Fabian Grünbichler
  1 sibling, 0 replies; 7+ messages in thread
From: Fabian Grünbichler @ 2024-10-31 12:34 UTC (permalink / raw)
  To: Proxmox VE development discussion

On October 30, 2024 2:44 pm, Maximiliano Sandoval wrote:
> The function internally calls
> PVE::Certificate::get_certificate_fingerprint which in turn calls:
> 
> ```
>     my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
> ```
> 
> Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
> ---
>  PVE/API2/Nodes.pm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
> index e8ff6dd9..1db148af 100644
> --- a/PVE/API2/Nodes.pm
> +++ b/PVE/API2/Nodes.pm
> @@ -2567,7 +2567,7 @@ __PACKAGE__->register_method ({
>  		    renderer => 'duration',
>  		},
>  		ssl_fingerprint => {
> -		    description => "The SSL fingerprint for the node certificate.",
> +		    description => "The SSL SHA-256 fingerprint for the node certificate.",

what is an "SSL SHA-256 fingerprint"? the original was already bad, but
this made it worse..

the standard option has "Certificate SHA 256 fingerprint" as
description, IMHO that would already be quite okay here? after all, if
there is only a single fingerprint returned per node, it's quite clear
which certificate it belongs to?

or if you want to make it more specific, then use something like

"The SHA-256 fingerprint of the node's TLS certificate"

>  		    type => 'string',
>  		    optional => 1,
>  		},
> -- 
> 2.39.5
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 
> 


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate
  2024-10-30 12:51 ` Fabian Grünbichler
@ 2024-10-30 13:35   ` Maximiliano Sandoval
  0 siblings, 0 replies; 7+ messages in thread
From: Maximiliano Sandoval @ 2024-10-30 13:35 UTC (permalink / raw)
  To: Fabian Grünbichler; +Cc: Proxmox VE development discussion


Fabian Grünbichler <f.gruenbichler@proxmox.com> writes:

> see my comments to the pmg-api patch(es)..

Yeah, saw them right after sending this. I sent v2 of the pmg-api patch
already, will do v2 of this one. Thanks.



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate
  2024-10-30 12:18 Maximiliano Sandoval
@ 2024-10-30 12:51 ` Fabian Grünbichler
  2024-10-30 13:35   ` Maximiliano Sandoval
  0 siblings, 1 reply; 7+ messages in thread
From: Fabian Grünbichler @ 2024-10-30 12:51 UTC (permalink / raw)
  To: Proxmox VE development discussion, Maximiliano Sandoval

see my comments to the pmg-api patch(es)..

> Maximiliano Sandoval <m.sandoval@proxmox.com> hat am 30.10.2024 13:18 CET geschrieben:
> 
>  
> The function internally calls
> PVE::Certificate::get_certificate_fingerprint which in turn calls:
> 
> ```
>     my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
> ```
> 
> Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
> ---
>  PVE/API2/Nodes.pm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
> index e8ff6dd9..1db148af 100644
> --- a/PVE/API2/Nodes.pm
> +++ b/PVE/API2/Nodes.pm
> @@ -2567,7 +2567,7 @@ __PACKAGE__->register_method ({
>  		    renderer => 'duration',
>  		},
>  		ssl_fingerprint => {
> -		    description => "The SSL fingerprint for the node certificate.",
> +		    description => "The SSL SHA-256 fingerprint for the node certificate.",
>  		    type => 'string',
>  		    optional => 1,
>  		},
> -- 
> 2.39.5
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate
@ 2024-10-30 12:18 Maximiliano Sandoval
  2024-10-30 12:51 ` Fabian Grünbichler
  0 siblings, 1 reply; 7+ messages in thread
From: Maximiliano Sandoval @ 2024-10-30 12:18 UTC (permalink / raw)
  To: pve-devel

The function internally calls
PVE::Certificate::get_certificate_fingerprint which in turn calls:

```
    my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
```

Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
 PVE/API2/Nodes.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
index e8ff6dd9..1db148af 100644
--- a/PVE/API2/Nodes.pm
+++ b/PVE/API2/Nodes.pm
@@ -2567,7 +2567,7 @@ __PACKAGE__->register_method ({
 		    renderer => 'duration',
 		},
 		ssl_fingerprint => {
-		    description => "The SSL fingerprint for the node certificate.",
+		    description => "The SSL SHA-256 fingerprint for the node certificate.",
 		    type => 'string',
 		    optional => 1,
 		},
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2024-10-31 12:35 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-30 13:44 [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate Maximiliano Sandoval
2024-10-30 13:44 ` [pve-devel] [PATCH manager 2/2] api: node: index: use standard fingerprint-sha256 option Maximiliano Sandoval
2024-10-30 13:58   ` Maximiliano Sandoval
2024-10-31 12:34 ` [pve-devel] [PATCH manager 1/2] api: nodes: index: specify the type of SSL certificate Fabian Grünbichler
  -- strict thread matches above, loose matches on Subject: below --
2024-10-30 12:18 Maximiliano Sandoval
2024-10-30 12:51 ` Fabian Grünbichler
2024-10-30 13:35   ` Maximiliano Sandoval

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal