Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: c6d30b391238444f8e3c8476c47fd6bccec9449e
https://github.com/tribe29/checkmk/commit/c6d30b391238444f8e3c8476c47fd6bcc…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-06-14 (Tue, 14 Jun 2022)
Changed paths:
M cmk/gui/fields/__init__.py
M cmk/gui/fields/definitions.py
M cmk/gui/plugins/openapi/endpoints/certs.py
M cmk/gui/plugins/openapi/restful_objects/request_schemas.py
M tests/unit/cmk/gui/plugins/openapi/test_openapi_certs.py
Log Message:
-----------
REST API endpoint for CSRs: restrict to CNs which are valid UUIDs
This internal endpoint is used during the agent registration process. It
issues agent certificates which are later used to encrypt the transport
of agent data. We want to make sure that we only issue agent
certificates with CNs which are valid UUIDs. This mitigates possible
attack vectors which involve the misuse of agent certificates to act as
a false agent controller.
CMK-10708
Change-Id: I62e683c43a45bb947abaf8886a6a7365a7ed264a