Skip to content

feat: starttls #558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 28 commits into
base: main
Choose a base branch
from
Open

feat: starttls #558

wants to merge 28 commits into from

Conversation

JacobCoffee
Copy link
Member

Description

  • Enables optional (may) starttls for receiving (smptd)

Closes

@JacobCoffee JacobCoffee requested a review from ewdurbin as a code owner March 18, 2025 14:35
ewdurbin
ewdurbin reviewed Mar 18, 2025
View reviewed changes
@JacobCoffee
Copy link
Member Author

JacobCoffee commented Apr 1, 2025
edited
Loading

in e655530 pebble is running

vagrant@salt-master:~$ curl -k https://salt-master.vagrant.psf.io:14000/dir
{
   "keyChange": "https://salt-master.vagrant.psf.io:14000/rollover-account-key",
   "meta": {
      "externalAccountRequired": false,
      "termsOfService": "data:text/plain,Do%20what%20thou%20wilt"
   },
   "newAccount": "https://salt-master.vagrant.psf.io:14000/sign-me-up",
   "newNonce": "https://salt-master.vagrant.psf.io:14000/nonce-plz",
   "newOrder": "https://salt-master.vagrant.psf.io:14000/order-plz",
   "revokeCert": "https://salt-master.vagrant.psf.io:14000/revoke-cert"

but hitting:

2025-04-01 15:15:14,982:ERROR:certbot._internal.log:An unexpected error occurred:
2025-04-01 15:15:14,982:ERROR:certbot._internal.log:requests.exceptions.SSLError: HTTPSConnectionPool(host='salt-master.vagrant.psf.io', port=14000): Max retries exceeded with url: /dir (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))

tried with - server: https://salt-master.psf.io:14000/dir and - server: https://localhost:14000/dir and http counterparts

ewdurbin
ewdurbin reviewed Apr 14, 2025
View reviewed changes
ewdurbin
ewdurbin reviewed Apr 21, 2025
View reviewed changes
ewdurbin
ewdurbin reviewed Apr 24, 2025
View reviewed changes
@JacobCoffee JacobCoffee requested a review from ewdurbin May 6, 2025 16:20
ewdurbin
ewdurbin reviewed Oct 7, 2025
View reviewed changes
ewdurbin
ewdurbin reviewed Oct 7, 2025
View reviewed changes
@JacobCoffee JacobCoffee requested a review from ewdurbin October 8, 2025 14:07
ewdurbin
ewdurbin reviewed Oct 8, 2025
View reviewed changes
@JacobCoffee JacobCoffee requested a review from ewdurbin October 8, 2025 19:23
JacobCoffee
JacobCoffee commented Oct 8, 2025
View reviewed changes
@ewdurbin
Copy link
Member

I had some nit picks (commit by commit) in the pillar data but looks good. I think this is fairly safe to ship since the certificates fetched should only end up being used by the roundup box until we update https://github.com/python/psf-salt/blob/main/salt/haproxy/config/haproxy.cfg.jinja#L100-L103

ewdurbin
ewdurbin approved these changes Oct 14, 2025
View reviewed changes
Copy link
Member

@ewdurbin ewdurbin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry! forgot this part

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ewdurbin ewdurbin ewdurbin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support for starttls on roundup-tracker.org

2 participants

@JacobCoffee @ewdurbin