Comments (7)
@kfox1111 Try this to see if it fixes your issue?
from ghostunnel.
Released in v1.7.3
from ghostunnel.
Need more information to know what's happening. Did the client provide a certificate but Ghostunnel didn't see it? Or do you want clients w/o certs to be able to connect?
from ghostunnel.
Trying to get clients without certs to be able to successfully use the service but use spire to issue/refresh the server side certificate.
from ghostunnel.
Amongst other clients, I was doing testing mostly with curl against ghostunnel in server mode.
from ghostunnel.
I've looked into this and if the Workload API is being used in the server, the disable-authentication flag is ignored. I've reproduced this running ./ghostunnel server --use-workload-api-addr unix:/tmp/spire-agent/public/api.sock --listen :9000 --target localhost:9001 --disable-authentication.
I think that the problem may be here: https://github.com/ghostunnel/ghostunnel/blob/master/main.go#L837.
The TLSConfigSourceFromWorkloadAPI function is being called using the *clientDisableAuth value, while this is being executed by a server command. Shouldn't it be called with *serverDisableAuth?
from ghostunnel.
Good catch! That function is used both in server and in client mode, so it should probably take a flag for disableAuth, and the client/server mode main function needs to pass either *clientDisableAuth or *serverDisableAuth.
from ghostunnel.
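The flag mix-up discussed in the comments above, as an added Go illustration that is not ghostunnel's code: a TLS helper shared by client and server mode takes disableAuth as a parameter, and the server call site has to pass the server flag. The names modeFlags, tlsConfigFromSource, buggyServerConfig, fixedServerConfig and demandsClientCert are hypothetical, and mapping the flag to tls.NoClientCert is an assumption made for the example.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// modeFlags stands in for the two per-mode flags named in the thread.
// The field names are hypothetical, not ghostunnel's identifiers.
type modeFlags struct {
	clientDisableAuth bool
	serverDisableAuth bool
}

// tlsConfigFromSource models a helper used by both modes. It receives
// disableAuth explicitly, so it never has to guess which flag applies.
func tlsConfigFromSource(serverMode, disableAuth bool) *tls.Config {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if serverMode {
		cfg.ClientAuth = tls.RequireAndVerifyClientCert
		if disableAuth {
			// Assumption: disabling authentication means no client cert is requested.
			cfg.ClientAuth = tls.NoClientCert
		}
	}
	return cfg
}

// buggyServerConfig reproduces the reported call: server mode reads the client flag.
func buggyServerConfig(f modeFlags) *tls.Config {
	return tlsConfigFromSource(true, f.clientDisableAuth)
}

// fixedServerConfig passes the flag that belongs to the running mode.
func fixedServerConfig(f modeFlags) *tls.Config {
	return tlsConfigFromSource(true, f.serverDisableAuth)
}

// demandsClientCert reports whether a handshake without a client cert is rejected.
func demandsClientCert(cfg *tls.Config) bool {
	return cfg.ClientAuth == tls.RequireAnyClientCert ||
		cfg.ClientAuth == tls.RequireAndVerifyClientCert
}

func main() {
	// Constructed input: server started with its disable-authentication flag set.
	f := modeFlags{serverDisableAuth: true}
	fmt.Println("buggy demands client cert:", demandsClientCert(buggyServerConfig(f)))
	fmt.Println("fixed demands client cert:", demandsClientCert(fixedServerConfig(f)))
}
```

A regression test for this kind of fix can assert on the resulting ClientAuth value per mode, which catches the wrong flag being wired in without needing a live Workload API socket.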