[pmg-devel] [PATCH pmg-api 0/2] Add handling of tls_policy_map to API

Stoiko Ivanov s.ivanov at proxmox.com
Fri Sep 21 15:51:40 CEST 2018

Issue #1887 requests to expose /etc/pmg/tls_policy file via GUI, in order to
enable users to configure TLS-enforcement for certain receiver domains.

The file /etc/pmg/tls_policy is already synced within the cluster, however
editing had to be done manually.

This patchset implements the pmg-api side of the request with the following
* All defined policies [0] are supported, however none of the attributes are
  currently supported (global settings would need to be adapted.
  (e.g. it is not possible to override the allowed ciphers/tls-protocols on a
  per domain level, and it is also not possible to set a fingerprint per domain
  for hardcoding the certificate).
* Originally I aimed for only supporting the 'encrypt' policy, however, given
  that the /etc/pmg/tls_policy file probably got used by some users, I tried
  to be more liberal with the supported format (without reimplementing the
  complete parser from postfix).

Patches for the GUI and docs will be sent seperately.

[0] http://www.postfix.org/TLS_README.html#client_tls_policy

Stoiko Ivanov (2):
  register tls_policy file with reader/writer
  add PMG::API2::DestinationTLSPolicy

 Makefile                         |   1 +
 PMG/API2/Config.pm               |   7 ++
 PMG/API2/DestinationTLSPolicy.pm | 214 +++++++++++++++++++++++++++++++++++++++
 PMG/Config.pm                    |  73 +++++++++++++
 4 files changed, 295 insertions(+)
 create mode 100644 PMG/API2/DestinationTLSPolicy.pm


More information about the pmg-devel mailing list