Comments (5)
Anything related to certificates is handled by the tls Go package, specifically LoadX509KeyPair(). LoadX509KeyPair takes a public/private key pair as its input.
If you use --insecure you shouldn't have to provide any cert or key. Is the bot still not able to connect when using --insecure? Do you require users who connect to your server to have certificates?
from mumbledj.
My issue isn't with just getting the bot to connect. If --cert/--key are supposed to be for SSL pinning, then they don't work. You can do pinning by only providing the server's cert or key. Requiring the server's private key for that is absolutely the wrong thing to do. So, what is the purpose of --cert/--key? What is the intended feature?
From the Go docs, what I am probably looking for would be to use the tls Dial, then get the ConnectionState from the Conn, then compare the cert provided to the bot with the PeerCertificates. (Or the public key provided to the bot with the public keys extracted from the PeerCertificates.)
from mumbledj.
Sorry about the late response, been busy with work.
I think it may be worth opening an issue on the gumble repo, as I'm simply following the example set there.
Here's an example in a related project where the same method is used: https://github.com/layeh/piepan/blob/master/cmd/piepan/main.go#L62-L72
If you know of a better/more secure way to do this, please feel free to open a PR. To be quite honest with you I'm not an expert on SSL-related things.
from mumbledj.
It looks like those two parameters are not for pinning but for user auth, since piepan and gumble's sample code don't accept the user's key and cert in p12 format.
For pinning, the general idea would be to connect, get the connection state, then from that get the peer certificates and make sure the public key of one of the certs matches a public key for the server that the user provides. I don't think most users would care for this feature, though.
from mumbledj.
Yeah, the key and cert are in pem format.
You can, however, use the --p12 commandline argument to supply a p12 file for authenticating as a registered user.
from mumbledj.