Add encrypted/authenticated IPC listener support #2122

@jagerman

Something that would be very useful is to be able to expose an encrypted/authenticated but public listener. This needs two config additions:

  1. We need to be able to specify the address on which we listen_curve().
  2. We need to be able to specify one (or more) public keys that will be accepted.

Something like this in the config:

[api]
bind_curve = tcp://0.0.0.0:1234
curve_pubkey = abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789

This would then use listen_curve() on that address (in addition to any of the listen_plain()s that happen from the bind options currently).

listen_curve() takes an "allow" callback: the allow callback would look at the public key and return AuthLevel::admin if it is in the curve_pubkey list, otherwise AuthLevel::denied to refuse the connection.

Originally posted by @jagerman in #2111 (comment)
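
A sketch of the allow-list decision described in the issue, added here as an illustration; it is not code from the project or from the library that provides listen_curve(). `CurveAllowList` and `parse_pubkey` are hypothetical names, the `AuthLevel` enum is a local stand-in with only the two values the issue names, and it assumes the callback is handed the peer's raw 32-byte key while the config holds 64-digit hex.

```cpp
#include <algorithm>
#include <array>
#include <cstdint>
#include <optional>
#include <set>
#include <string>
#include <string_view>
#include <vector>

enum class AuthLevel { denied, admin };       // local stand-in, not the library's enum
using PubKey = std::array<std::uint8_t, 32>;  // raw 32-byte curve public key (assumed)

static int hex_nibble(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;  // fold A-F onto a-f
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}
// Decode one curve_pubkey value; anything but exactly 64 hex digits is rejected.
std::optional<PubKey> parse_pubkey(std::string_view hex) {
    if (hex.size() != 64) return std::nullopt;
    PubKey out{};
    for (std::size_t i = 0; i < 32; ++i) {
        int hi = hex_nibble(hex[2 * i]), lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return std::nullopt;
        out[i] = static_cast<std::uint8_t>(hi << 4 | lo);
    }
    return out;
}
class CurveAllowList {
    std::set<PubKey> keys_;
public:
    // All-or-nothing: one malformed entry fails the load and keeps the old list,
    // so a config typo is surfaced instead of silently shrinking the list.
    bool load(const std::vector<std::string>& hex_keys) {
        std::set<PubKey> parsed;
        for (const auto& h : hex_keys) {
            auto k = parse_pubkey(h);
            if (!k) return false;
            parsed.insert(*k);
        }
        keys_.swap(parsed);
        return true;
    }
    // Per-connection decision: admin only for a listed key, denied otherwise.
    AuthLevel check(std::string_view remote_pubkey) const {
        if (remote_pubkey.size() != 32) return AuthLevel::denied;
        PubKey k;
        std::copy(remote_pubkey.begin(), remote_pubkey.end(), k.begin());
        return keys_.count(k) ? AuthLevel::admin : AuthLevel::denied;
    }
};
```

An empty or unloaded list denies every peer, so enabling the curve listener without any curve_pubkey entries exposes the port but grants nothing.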
