csaf-poc / csaf_distribution

Tools to download or provide CSAF (Common Security Advisory Framework) documents.
https://csaf.io

One should also be able to provide a TLS client certificate to use for the TLP:AMBER and TLP:RED feeds. #46

Closed bernhardreiter closed 2 years ago

bernhardreiter commented 2 years ago

One should also be able to provide a TLS client certificate to use for the TLP:AMBER and TLP:RED feeds.

_Originally posted by @tschmidtb51 in https://github.com/csaf-poc/csaf_distribution/issues/42#issuecomment-1024939988_

bernhardreiter commented 2 years ago

It is possible to configure nginx to do the check when reading a location different from TLP:WHITE; the example configuration has this restriction (for all three TLP values green, amber and red), and https://github.com/csaf-poc/csaf_distribution/blob/8711ea67fe1de426ac1aac0c2862724c84cda96e/docs/client-certificate-setup.md?plain=1#L35-L38 explains how to change the configuration if the three TLP values should also be accessible by different client certificates.

@tschmidtb51 Does this resolve the issue for you?

tschmidtb51 commented 2 years ago

Nearly. Please insert an example of what a user should expect $ssl_client_i_dn to be.
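
Added example, not part of the thread and not the project's own configuration: an nginx fragment that restricts TLP locations by the issuer of the client certificate and shows the shape of the `$ssl_client_i_dn` value. The host name, file paths, URL layout (`/csaf/amber/`, `/csaf/red/`) and CA names are constructed placeholders.

```nginx
# Added example. All names, paths and DN values below are constructed.
# Place the map blocks in the http {} context.
#
# $ssl_client_i_dn is the issuer DN of the presented client certificate as an
# RFC 2253 string (nginx >= 1.11.6): most specific attribute first, comma
# separated, no spaces after the commas, for example
#     CN=Example Amber CA,O=Example Org,C=DE
# The same string can be read from a certificate file with
#     openssl x509 -in client.crt -noout -issuer -nameopt RFC2253
map $ssl_client_i_dn $tlp_amber_ok {
    default                                   0;
    "CN=Example Amber CA,O=Example Org,C=DE"  1;
    "CN=Example Red CA,O=Example Org,C=DE"    1;  # red clients may also read amber
}
map $ssl_client_i_dn $tlp_red_ok {
    default                                   0;
    "CN=Example Red CA,O=Example Org,C=DE"    1;
}

server {
    listen 443 ssl;
    server_name csaf.example.test;
    root /var/www/example;

    ssl_certificate     /etc/ssl/example/server.crt;
    ssl_certificate_key /etc/ssl/example/server.key;

    # The DN comparison is only meaningful because the chain is verified
    # against this bundle first; a DN string alone proves nothing.
    ssl_client_certificate /etc/ssl/example/client-cas.pem;
    # "optional" keeps TLP:WHITE reachable without a client certificate.
    ssl_verify_client optional;

    location /csaf/amber/ {
        if ($ssl_client_verify != SUCCESS) { return 403; }
        if ($tlp_amber_ok = 0)             { return 403; }
    }

    location /csaf/red/ {
        if ($ssl_client_verify != SUCCESS) { return 403; }
        if ($tlp_red_ok = 0)               { return 403; }
    }
}
```

`$ssl_client_i_dn` names the direct issuer of the client certificate, so when client certificates are issued by an intermediate CA, the map keys must be that intermediate's DN, not the root's.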