Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for mTLS #467

Closed
chrisstaite-menlo opened this issue Dec 12, 2023 · 3 comments · Fixed by #470
Closed

Add support for mTLS #467

chrisstaite-menlo opened this issue Dec 12, 2023 · 3 comments · Fixed by #470
Labels
enhancement New feature or request

Comments

@chrisstaite-menlo
Copy link
Collaborator

Now we're transitioning to building production builds with native-link we find it necessary to secure our AC to avoid the possibility of malicious actors on the network injecting bad objects into our builds. The simplest method to perform this is to simply provide mTLS.

This should support verification from a CA and also a CRL file to allow revocation to be performed.
@chrisstaite-menlo
Copy link
Collaborator Author

Relates to #360

@allada
Copy link
Member

allada commented Dec 12, 2023

Does our current TLS impl not satisfy this?

ref:

nativelink/nativelink-config/src/cas_server.rs

Line 284 in 378b806

pub tls: Option<TlsConfig>,

@chrisstaite-menlo chrisstaite-menlo mentioned this issue Dec 12, 2023
Merged
5 tasks
@chrisstaite-menlo
Copy link
Collaborator Author

No, mTLS requires a little bit more...

@allada allada added the enhancement New feature or request label Dec 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for mTLS chrisstaite-menlo/turbo-cache
2 participants
@allada @chrisstaite-menlo