Add support for TLS DNS name allowed lists #9272
Labels
feature request
Requests for new plugin and for new features to existing plugins
Comments
isodude
added
the
feature request
|
Code can be viewed here: https://github.com/isodude/telegraf/tree/tls |
|
Thanks for looking into this. Please make a PR, so your changes are easier to find. |
|
Sure, I'll try to make some tests along with it. |
|
Not forgetting about this, just.. redoing a lot internally. Setting up an ACME server makes the fingerprint list kind of not needed. DNS-names however is quite handy. |
3 tasks
isodude
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature Request
Support for allowing only a certain list of dns names or fingerprints in client certificates
Proposal:
Current behavior:
Only filtering with CA is possible
Desired behavior:
Possible to define
tls_allowed_dns_names = [""]tls_allowed_fingerprints = [""]Such that only defines names or fingerprints is allowed to connect to telegraf
Use case:
Locking down access to telegraf even though the CA is shared along with other purposes.
DNS Names allow for a more dynamic approach which fingerprints allow to really pin the certificate down to exactly one.
The code is complete and I can make a PR with it.
The text was updated successfully, but these errors were encountered: