Re: [Bacula-users] Question about bacula and tls

Thank you so much to all of you :) :) > El 2 oct 2015, a las 12:54, Josh Fisher escribió: > > > > On 10/2/2015 2:47 AM, Egoitz Aurrekoetxea wrote: >> Good morning mates, >> >> Apologies for my very very late response…. >> >> Just one question for confirming, in Josh’s

Re: [Bacula-users] Question about bacula and tls

Good morning mates, Apologies for my very very late response…. Just one question for confirming, in Josh’s third point, when sais : > Level 3: > # This level requires encryption and that the certificate presented by > the peer be signed by a trusted CA It means a CA in CA certificate

Re: [Bacula-users] Question about bacula and tls

On 10/2/2015 2:47 AM, Egoitz Aurrekoetxea wrote: Good morning mates, Apologies for my very very late response…. Just one question for confirming, in Josh’s third point, when sais : Level 3: # This level requires encryption and that the certificate presented by the peer be

Re: [Bacula-users] Question about bacula and tls

Hello Egoitz, Is this thread clear? If you have your own dedicated CA, then take care of her :). This way and having level 4 bacula TLS configured as Josh explained, then your communication will be "secure" (never say that we are 100% secure...). Thank you very much Josh. Best regards, Ana

Re: [Bacula-users] Question about bacula and tls

Hi Ana!! Really thanks for answering my doubts :) I do answer in black below... > El 30/9/2015, a las 6:24, Ana Emília M. Arruda > escribió: > > > On Mon, Sep 28, 2015 at 6:20 PM, Egoitz Aurrekoetxea > wrote: >

Re: [Bacula-users] Question about bacula and tls

On 9/30/2015 3:18 AM, Egoitz Aurrekoetxea wrote: Hi Ana!! Really thanks for answering my doubts :) I do answer in black below... El 30/9/2015, a las 6:24, Ana Emília M. Arruda > escribió: On Mon, Sep 28, 2015 at 6:20 PM, Egoitz

Re: [Bacula-users] Question about bacula and tls

On Mon, Sep 28, 2015 at 6:20 PM, Egoitz Aurrekoetxea wrote: > Good night, > ​Good night Egoitz. Sorry for my late reply.​ > > First of all thanks a lot for your time :) > ​Thank you for this thread :)​ > > El 28/9/2015, a las 21:46, Ana Emília M. Arruda

Re: [Bacula-users] Question about bacula and tls

Have been taking a look to all this in the source code… It seems that TLS Verify Peer basically ends up by doing (look at bold please) : /* * Create a new TLS_CONTEXT instance. * Returns: Pointer to TLS_CONTEXT instance on success * NULL on failure; */ TLS_CONTEXT

Re: [Bacula-users] Question about bacula and tls

Good night, First of all thanks a lot for your time :) > El 28/9/2015, a las 21:46, Ana Emília M. Arruda > escribió: > > Hello, > > The TLS enable do not force the use of TLS. For example, if you configure > your director with TLS enable = yes and TLS require = no,

[Bacula-users] Question about bacula and tls

Hi mates, Have been doing some checks with Bacula and TLS. At present I have a TLS enable directive, require tis to yes and the ca certificate public key (of an own CA) copied in the server and the client. Now I become an attacker and If I create a new client certificate with the same CN as

Re: [Bacula-users] Question about bacula and tls

Hello, The TLS enable do not force the use of TLS. For example, if you configure your director with TLS enable = yes and TLS require = no, clients can communicate with your director with or without TLS. But if you configure your director with both TLS enable and TLS require = yes, then all your