Uploaded image for project: 'Nuxeo Drive '
  1. Nuxeo Drive
  2. NXDRIVE-2442

Implement mutual TLS authentication

    XMLWordPrintable

    Details

    • Release Notes Summary:
      Implementation of mutual TLS authentication
    • Release Notes Description:
      Hide

      Drive is now compatible with servers that require mutual TLS authentication. The user can specify the paths to a client certificate and it's unencrypted key in the configuration file with the options cert-file and cert-key-file.

      Show
      Drive is now compatible with servers that require mutual TLS authentication. The user can specify the paths to a client certificate and it's unencrypted key in the configuration file with the options cert-file  and cert-key-file .
    • Tags:
    • Sprint:
      nxDrive 11.2.13
    • Story Points:
      3

      Description

      User Story

      I want to use mutual TLS authentication, i.e., two-way SSL, where the client must present its own certificate and private key (see curl --cert and --key parameters).

      Scope

      Read the requests documentation about client-side certificates.

      Important note: The private key to the local certificate must be unencrypted.

      Actions:

      • Add the --cert and --key CLI arguments.
      • Add corresponding cert_file and cert_key_file options.
      • Add corresponding documentation.
      • Add the logic to use those files instead of any other options (like ca_bundle or ssl_no_verify).
      • Maybe more tricky but it would be very nice to have a test.
      • When the patch will be merged, backport the documentation part to the Nuxeo documentation website.

        Attachments

          Issue Links

          is duplicated by

          New Feature - A new feature of the product, which has yet to be developed. NXDRIVE-2441 Two-way TLS negociation

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is related to

          New Feature - A new feature of the product, which has yet to be developed. NXDRIVE-30 Client certificate authentication for Nuxeo Drive

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          Is referenced in

          [Captain Hook] PR for static-nx-asset: #1783 PR for static-nx-asset: #1783

          [Captain Hook] PR for static: #1698 PR for static: #1698

          links to

          Web Link PR #2449

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 4 days
                  4d