[pmg-devel] [PATCH pmg-api 0/2] Add handling of tls_policy_map to API
Dietmar Maurer
dietmar at proxmox.com
Fri Sep 21 17:11:03 CEST 2018
looks nice, thanks!
will do further tests next week.
> On September 21, 2018 at 3:51 PM Stoiko Ivanov <s.ivanov at proxmox.com> wrote:
>
>
> Issue #1887 requests to expose /etc/pmg/tls_policy file via GUI, in order to
> enable users to configure TLS-enforcement for certain receiver domains.
>
> The file /etc/pmg/tls_policy is already synced within the cluster, however
> editing had to be done manually.
>
> This patchset implements the pmg-api side of the request with the following
> constraints:
> * All defined policies [0] are supported, however none of the attributes are
> currently supported (global settings would need to be adapted.
> (e.g. it is not possible to override the allowed ciphers/tls-protocols on a
> per domain level, and it is also not possible to set a fingerprint per domain
> for hardcoding the certificate).
> * Originally I aimed for only supporting the 'encrypt' policy, however, given
> that the /etc/pmg/tls_policy file probably got used by some users, I tried
> to be more liberal with the supported format (without reimplementing the
> complete parser from postfix).
>
> Patches for the GUI and docs will be sent seperately.
>
> [0] http://www.postfix.org/TLS_README.html#client_tls_policy
>
> Stoiko Ivanov (2):
> register tls_policy file with reader/writer
> add PMG::API2::DestinationTLSPolicy
>
> Makefile | 1 +
> PMG/API2/Config.pm | 7 ++
> PMG/API2/DestinationTLSPolicy.pm | 214 +++++++++++++++++++++++++++++++++++++++
> PMG/Config.pm | 73 +++++++++++++
> 4 files changed, 295 insertions(+)
> create mode 100644 PMG/API2/DestinationTLSPolicy.pm
>
> --
> 2.11.0
>
>
> _______________________________________________
> pmg-devel mailing list
> pmg-devel at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
More information about the pmg-devel
mailing list