Re: Brainstorming to add JWT verify to HAPoxy (was: Re: What's the "best" way to read a file in a sample converter)

2021-05-01 Thread Julien Pivotto
On 01 May 18:40, Aleksandar Lazic wrote: > > On 01.05.21 14:38, Julien Pivotto wrote: > > I do not know what you are trying to achieve. > > I try to add on the first line of defense => HAProxy, the possibility to > protect > the backend attack without to talk outside of HAProxy. > > > Did you s

Re: Brainstorming to add JWT verify to HAPoxy

2021-05-01 Thread Aleksandar Lazic
On 01.05.21 15:08, Tim Düsterhus wrote: Aleks, On 5/1/21 1:42 PM, Aleksandar Lazic wrote: # Extract the JSON Web Algorithms (JWA) from Bearer Token. http-request set-var(txn.jwt_algo) req.hdr(Authorization),word(1,.),ub64dec,json_query('$.alg')  if bearer_header_exist Trusting the algorithm

Re: Brainstorming to add JWT verify to HAPoxy (was: Re: What's the "best" way to read a file in a sample converter)

2021-05-01 Thread Aleksandar Lazic
On 01.05.21 14:38, Julien Pivotto wrote: I do not know what you are trying to achieve. I try to add on the first line of defense => HAProxy, the possibility to protect the backend attack without to talk outside of HAProxy. Did you see https://github.com/criteo/haproxy-spoe-auth ? Well ye

Re: Brainstorming to add JWT verify to HAPoxy

2021-05-01 Thread Tim Düsterhus
Aleks, On 5/1/21 1:42 PM, Aleksandar Lazic wrote: # Extract the JSON Web Algorithms (JWA) from Bearer Token. http-request set-var(txn.jwt_algo) req.hdr(Authorization),word(1,.),ub64dec,json_query('$.alg')   if bearer_header_exist Trusting the algorithm specified in the JWT is unsafe and a co

Re: Brainstorming to add JWT verify to HAPoxy (was: Re: What's the "best" way to read a file in a sample converter)

2021-05-01 Thread Julien Pivotto
I do not know what you are trying to achieve. Did you see https://github.com/criteo/haproxy-spoe-auth ? On 01 May 13:42, Aleksandar Lazic wrote: > > On 30.04.21 02:01, Aleksandar Lazic wrote: > > Hi. > > > > I think about to integrate the "l8w8jwt_decode(...)" into HAProxy. > > https://github.c

Re: [ANNOUNCE] haproxy-2.4-dev18

2021-05-01 Thread Aleksandar Lazic
Hi. On 01.05.21 09:14, Willy Tarreau wrote: Hi, HAProxy 2.4-dev18 was released on 2021/05/01. It added 51 new commits after version 2.4-dev17. It seems that it's been quite a calm week in terms of development, with most of the time having been spent on old bugs that are not even *that* serious

Brainstorming to add JWT verify to HAPoxy (was: Re: What's the "best" way to read a file in a sample converter)

2021-05-01 Thread Aleksandar Lazic
On 30.04.21 02:01, Aleksandar Lazic wrote: Hi. I am thinking about integrating the "l8w8jwt_decode(...)" into HAProxy. https://github.com/GlitchedPolygons/l8w8jwt The RS* methods require some "RSA_PRIVATE_KEY[] = ..." and I'm not sure what's the best method for a sample to read such a key in HAPr

[ANNOUNCE] haproxy-2.4-dev18

2021-05-01 Thread Willy Tarreau
Hi, HAProxy 2.4-dev18 was released on 2021/05/01. It added 51 new commits after version 2.4-dev17. It seems that it's been quite a calm week in terms of development, with most of the time having been spent on old bugs that are not even *that* serious. Most of them were corner cases occasionally c