Branch: refs/heads/2.1.0
Home:
https://github.com/tribe29/checkmk
Commit: 45e8fc54d3be19bb56368148aa93f934d820e7bb
https://github.com/tribe29/checkmk/commit/45e8fc54d3be19bb56368148aa93f934d…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-06-14 (Tue, 14 Jun 2022)
Changed paths:
M cmk/gui/fields/__init__.py
M cmk/gui/fields/definitions.py
M cmk/gui/plugins/openapi/endpoints/certs.py
M cmk/gui/plugins/openapi/restful_objects/request_schemas.py
M tests/unit/cmk/gui/plugins/openapi/test_openapi_certs.py
Log Message:
-----------
REST API endpoint for CSRs: restrict to CNs which are valid UUIDs
This internal endpoint is used during the agent registration process. It
issues agent certificates which are later used to encrypt the transport
of agent data. We want to make sure that we only issue agent
certificates with CNs which are valid UUIDs. This mitigates possible
attack vectors which involve the misuse of agent certificates to act as
a false agent controller.
CMK-10708
Change-Id: I62e683c43a45bb947abaf8886a6a7365a7ed264a