[pmg-devel] [PATCH pmg-api 0/2] Add handling of tls_policy_map to API
Stoiko Ivanov
s.ivanov at proxmox.com
Fri Sep 21 15:51:40 CEST 2018
Issue #1887 requests to expose /etc/pmg/tls_policy file via GUI, in order to
enable users to configure TLS-enforcement for certain receiver domains.
The file /etc/pmg/tls_policy is already synced within the cluster, however
editing had to be done manually.
This patchset implements the pmg-api side of the request with the following
constraints:
* All defined policies [0] are supported, however none of the attributes are
currently supported (global settings would need to be adapted.
(e.g. it is not possible to override the allowed ciphers/tls-protocols on a
per domain level, and it is also not possible to set a fingerprint per domain
for hardcoding the certificate).
* Originally I aimed for only supporting the 'encrypt' policy, however, given
that the /etc/pmg/tls_policy file probably got used by some users, I tried
to be more liberal with the supported format (without reimplementing the
complete parser from postfix).
Patches for the GUI and docs will be sent seperately.
[0] http://www.postfix.org/TLS_README.html#client_tls_policy
Stoiko Ivanov (2):
register tls_policy file with reader/writer
add PMG::API2::DestinationTLSPolicy
Makefile | 1 +
PMG/API2/Config.pm | 7 ++
PMG/API2/DestinationTLSPolicy.pm | 214 +++++++++++++++++++++++++++++++++++++++
PMG/Config.pm | 73 +++++++++++++
4 files changed, 295 insertions(+)
create mode 100644 PMG/API2/DestinationTLSPolicy.pm
--
2.11.0
More information about the pmg-devel
mailing list