author | Konstantin Khlebnikov <khlebnikov@tracto.ai> | 2025-06-24 09:06:29 +0300 |
---|---|---|
committer | robot-piglet <robot-piglet@yandex-team.com> | 2025-06-24 09:22:13 +0300 |
commit | a95172fb1009f3b9872c662737eb32c621a45104 (patch) | |
tree | 5a9ad98bbcf8d9d045c95c800fc7064c45714ef6 /library/cpp/regex/pire/ut/inline_ut.cpp | |
parent | ba9b681e77f3770fd927bc069aa9f9d170ef0b24 (diff) | |
download | ydb-a95172fb1009f3b9872c662737eb32c621a45104.tar.gz |
yt/core/bus: fail connection if client TLS certificate is required but not provided
SSL flag "SSL_VERIFY_PEER" indeed requests and verifies client certificate.
But it does _nothing_ if client has not provided any TLS certificate.
Safe behaviour needs also flag "SSL_VERIFY_FAIL_IF_NO_PEER_CERT".
* fail client certificate verification without client certificate
* add additional check that certificate is available after TLS handshake
* log peer certificate fingerprint to track connectivity
* add early failure on client side to avoid wasting time on TLS handshake
* add test cases for mutual TLS certificate verification
Signed-off-by: Konstantin Khlebnikov <khlebnikov@tracto.ai>
---
* Changelog entry
Type: fix
Component: misc-server
Fix mTLS in bus RPC
---
Pull Request resolved: https://github.com/ytsaurus/ytsaurus/pull/1311
commit_hash:b798a7ca11eed5d5ca4eb6c6dda30c8152ec011d
Diffstat (limited to 'library/cpp/regex/pire/ut/inline_ut.cpp')
0 files changed, 0 insertions, 0 deletions
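The gap described in the commit message, sketched with Python's `ssl` module as an added example (not code from this commit or from the project): `ssl.CERT_OPTIONAL` sets only `SSL_VERIFY_PEER`, while `ssl.CERT_REQUIRED` adds `SSL_VERIFY_FAIL_IF_NO_PEER_CERT`. The function names and the `FakeConn` stand-in are hypothetical, and loading the server certificate chain and client CA is left to the caller.

```python
import hashlib
import ssl

# Mapping used by Python's OpenSSL wrapper:
#   ssl.CERT_OPTIONAL -> SSL_VERIFY_PEER
#   ssl.CERT_REQUIRED -> SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT


def make_mtls_server_context(require_client_cert=True):
    """Build a server-side context (hypothetical helper).

    With require_client_cert=False the server requests a client certificate
    and verifies one if sent, but the handshake still succeeds without one.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_OPTIONAL
    return ctx


def enforces_client_cert(ctx):
    """Audit check: True only if a missing client certificate fails the handshake."""
    return ctx.verify_mode == ssl.CERT_REQUIRED


def peer_fingerprint_or_fail(conn):
    """Post-handshake check: reject a connection that has no peer certificate.

    Returns the SHA-256 fingerprint of the DER certificate for logging.
    `conn` is anything with SSLSocket.getpeercert(binary_form=True), which
    returns None when the peer sent no certificate.
    """
    der = conn.getpeercert(binary_form=True)
    if not der:
        raise ssl.SSLError("peer presented no certificate")
    return hashlib.sha256(der).hexdigest()


class FakeConn:
    """Constructed stand-in for an established ssl.SSLSocket (no network)."""

    def __init__(self, der):
        self._der = der

    def getpeercert(self, binary_form=False):
        return self._der


if __name__ == "__main__":
    for required in (False, True):
        ctx = make_mtls_server_context(required)
        print(ctx.verify_mode.name, "enforced:", enforces_client_cert(ctx))
    print(peer_fingerprint_or_fail(FakeConn(b"constructed-der-bytes")))
```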