taskserver-setup's People

Contributors

ddeimeke, dependabot[bot], ersanchez, lauft, nicolasshu, stappersg, tbabej

taskserver-setup's Issues

GitPitch is unhelpful here

Most taskwarrior things have great installation and getting started instructions, but for some reason the taskserver ones are in the form of a slideshow. Why? Nobody wants to read installation instructions in a form where section headers take up an entire browser window.

Purpose of client key / cert unclear in setup guide. PKI docs confusing in general.

I'd very much like to set up a taskserver instance, and consider myself to be reasonably adept with PKI (have managed certificates / for smbs). I have to confess to being completely confused by the server guide. I think it would be really useful to have a concise statement on how PKI is used and what role each option in the config plays in that.

I think taskserver has a really standard setup of mutual TLS, and server authentication of client certificates consists of checking if the client certificate is signed by our CA. A cursory reading of the TLSTransaction code seems to confirm this. Using self-signed client certificates is both sensible and secure. The docs don't make this clear at all and spend far more time lecturing on not switching off verification rather than giving them the information they need to generate a proper PKI setup. There is also no explanation of what the purpose of the client.{cert,key} options is. I had a quick scan of some of the server code and they don't seem to be read on startup; they aren't mentioned in the man pages. Mystery.

I am going to have a go at setting this up in the next few days and if I can get to a decent place, I'll be happy to try and write some words.

Debian gnutls-utils became gnutls-bin

Hello,

My first attempt at generating certificates failed with ERROR: No certtool found.

Installing gnutls-utils is not possible, the package became gnutls-bin.

Screenshot, note the certtool in package description of gnutls-bin.

stappers@hc4:/usr/src/taskserver/pki
$ sudo apt install gnutls-utils
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package gnutls-utils
stappers@hc4:/usr/src/taskserver/pki
$ apt show gnutls-bin                                                              
Package: gnutls-bin
Version: 3.7.1-5
Priority: optional
Section: net
Source: gnutls28
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Installed-Size: 1,747 kB
Depends: libc6 (>= 2.25), libgnutls-dane0 (>= 3.7.0), libgnutls30 (>= 3.7.0-0+private+1), libopts25 (>= 1:5.18.16), libtasn1-6 (>= 4.14)
Homepage: https://www.gnutls.org/
Tag: implemented-in::c, interface::commandline, network::client,
 network::server, protocol::ssl, role::program, security::cryptography,
 suite::gnu
Download-Size: 631 kB
APT-Sources: http://deb.debian.org/debian bullseye/main arm64 Packages
Description: GNU TLS library - commandline utilities
 GnuTLS is a portable library which implements the Transport Layer
 Security (TLS 1.0, 1.1, 1.2, 1.3) and Datagram
 Transport Layer Security (DTLS 1.0, 1.2) protocols.
 .
 GnuTLS features support for:
  - certificate path validation, as well as DANE and trust on first use.
  - the Online Certificate Status Protocol (OCSP).
  - public key methods, including RSA and Elliptic curves, as well as password
    and key authentication methods such as SRP and PSK protocols.
  - all the strong encryption algorithms, including AES and Camellia.
  - CPU-assisted cryptography with VIA padlock and AES-NI instruction sets.
  - HSMs and cryptographic tokens, via PKCS #11.
 .
 This package contains a commandline interface to the GNU TLS library, which
 can be used to set up secure connections from e.g. shell scripts, debugging
 connection issues or managing certificates.
 .
 Useful utilities include:
  - TLS termination: gnutls-cli, gnutls-serv
  - key and certificate management: certtool, ocsptool, p11tool
  - credential management: srptool, psktool

stappers@hc4:/usr/src/taskserver/pki
$ 

I'll provide a patch.
