Comments (4)
You did a great job, thank you. You are right, flags tls_[ocsp|crl]_from_cert
doesn't override default values of tls_[ocsp|crl]_[client|database]_from_cert
, and Acra expects explicit overriding values for both parameters.
And you are right, it is unexpected and not documented behavior. We can update documentation and note that users should set empty values for parameters that have a non-empty default value, or we can set an empty default values (what we didn't do due to following our primary approach of secure by default configuration and using the strictest options by default), or we can update logic of parsing configuration options and ignore default values of not-set parameters and use general one if it set.
And we will choose the last option because it simplifies configuration by specifying only one parameter for all related groups of parameters. We will notify you and close this issue after the fix.
Also, thank you for the feedback about not complete documentation about OCSP/CRL related configuration. We will update the documentation too.
from acra.
And here are the logs from running it with this configuration (commented out: #tls_ocsp_database_from_cert: ignore
)
The problem here is, it works normally once tls_ocsp_database_from_cert: ignore
is set (uncommented).
I believe it should work normally just because tls_ocsp_from_cert: ignore
is set because that is the documented behaviour.
Lines such as this, do not appear when the setting is uncommented (problem behaviour doesn't happen):
time="2022-12-22T05:09:24Z" level=debug msg="OCSP: appending server http://r3.o.lencr.org, from cert"
In fact, no mention of OCSP appears in the log in this case.
from acra.
The documentation wasn't updated yet. Will close after that.
from acra.
We have updated docs and fixed cli args processing.
Thanks for contribution
from acra.
Related Issues (20)
- [ISSUE] Acra is not parsing inserts ending in 'RETURNING 0' HOT 4
- [ISSUE] Using Acra as proxy/encryptor with rails app fails to encrypt HOT 4
- [ISSUE] Acra throws errors on tables with columns wrapped with double quotes HOT 3
- [ISSUE] Acra replaces null values by an empty string when using prepared statements HOT 3
- Clarification on replacement of Zones HOT 2
- [ISSUE] Tokenization in MariaDB HOT 2
- Question HOT 2
- [ISSUE] "Error 2006: MySQL server has gone away" while executing mysqli prepared statements HOT 1
- [ISSUE] PAN masking does not meet the PCI SSC requirements HOT 1
- Question about AcraCensor: SQL query without "FROM" HOT 2
- Question about poison records HOT 7
- Online SQL grammar editor/tester
- Ask: How to use Masking? HOT 3
- [ISSUE] Encryption Not working HOT 4
- [ISSUE]Reducing overhead HOT 3
- [ISSUE]Supported MySQL Versions HOT 2
- [Query] acraserver in distributed environment behind load balancer HOT 4
- [ISSUE] Index on encrypted column HOT 1
- [ISSUE]Facing lot of "use of closed network connection" error HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from acra.