Updated cookie secrets management #378
Conversation
Partly addressing issue #196
from the old to the new default location
even when they came from the old default location +some small code cleanup and reduced code repetition
|
It's ready for review (and merge if accepted). One thing to consider/discuss is that it has one thing that is not backwards compatible, which is that cookie secrets from config file now are preferred over cookies from the cookie secrets file. Before this was the other way around. But, this feels more logical to me as zones in the configuration file are also preferred over zones in the zone list file. I believe there will be a negligible number of people that have cookie secrets in both the config file and in the cookie secrets file and would depend on the earlier preference to pick the secrets file. |
|
Looks reasonable to me. I agree that despite the backwards-incompatible change, it is unlikely to affect anyone, because no-one would define cookies in both places. |
Thanks @wcawijngaards ! Yes, cleanup secrets on the stack after use is definitely more secure. I think you even found some occurrences that weren't covered before. Co-authored-by: Wouter Wijngaards <[email protected]>
| default: | ||
| ssl_printf(ssl, "source : unknown\n"); | ||
| break; |
There was a problem hiding this comment.
All possibilities are covered, so this is a panic situation(?)
There was a problem hiding this comment.
I guess yes. Would you prefer a assert here?
There was a problem hiding this comment.
Would you prefer an assert?
|
I was reviewing the changes to the man pages and documentation, and it needs spelling and syntax fixes. Let me comment on the changes so you can fix them before merging this branch. |
Thanks! I'm also still addressing the last comment from @k0ekk0ek, which will simplify the code somewhat and also only does the fallback to the old default location for secrets (if there is nothing configured and nothing in the new default location), when nsd just started. |
@anandb-ripencc I am done with review feedback and will merge once you're finished your spelling corrections. |
|
Actually, just merge it. I will then submit a PR to update the documentation. Please don't make a new release before I've submitted documentation fixes. |
|
Looks good te me @wtoorop 👍 |
|
I accidentally committed along changes in simdzone. I'll force push the commit without the simdzone changes, and then merge. |
Right after config is read, so no wrapper is needed anymore to determine the value.
wtoorop
force-pushed
the
bugfix/cookiesecretsfile
branch
from
97fec31
to
c743742
Compare
This PR is in response to issue #196 (and thus also of interest to @anandb-ripencc )
--with-cookiesecretsfile=pathwithconfigure{dbdir}/cookiesecrets.txtcookie-secret-fileoption in the config file, and the new default location does not exist, cookie secrets will be read from the previous default location{configdir}/nsd_cookiesecrets.txtcookie-staging-secretoption.cookie-secretandcookie-staging-secretoption) take precedence over the ones from the cookie secret fileanswer-cookie,cookie-secret,cookie-staging-secretandcookie-secret-file) will be reevaluated and effectuated afternsd-control reconfig