-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add server certificate validation to wazuh agent #444
base: master
Are you sure you want to change the base?
Add server certificate validation to wazuh agent #444
Conversation
f7d9753
to
2e7d6af
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
2e7d6af
to
967804a
Compare
@@ -32,6 +33,7 @@ namespace http_client | |||
const std::string& serverUrl, | |||
std::string endpoint, | |||
std::string userAgent, | |||
std::string verificationMode, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add to list of parameters.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add tests for certificate
and none
cases.
@@ -30,7 +31,7 @@ void RegisterAgent(const std::string& url, | |||
agent_registration::AgentRegistration reg(url, user, password, key, name, dbFolderPath); | |||
|
|||
http_client::HttpClient httpClient; | |||
if (reg.Register(httpClient)) | |||
if (reg.Register(httpClient, verificationMode)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder why you didn't choose to add an m_verificationMode
data member in the AgentRegistration
class.
Although I like it better this way because it makes the Register
function easier to test.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
… agent and windows agent
bc909d7
to
76efee1
Compare
Description
This PR adds server certificate validation.
For server connections when the agent is already registered, a new configuration option is added to control which mode will be used:
Possible Values:
To perform the registration of the agent, a new option was added to the CLI “--verification-mode”, the values that can take are the same as for the previous case:
wazuh-agent --register-agent --user user --password pass --url https://serverIP:55000 --verification-mode certificate
Tests