Pull request #1269: tls: hide saved private key

Merge in DNS/adguard-home from 1898-hide-private-key to master Squashed commit of the following: commit 542569bbc098541f8e191cc5c1e5509a65fe2c5f Merge: a07d715f 756c7064 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Fri Aug 27 13:29:15 2021 +0300 Merge branch 'master' into 1898-hide-private-key commit a07d715f0f0932fdad4ec3f1e1a265b43809e21b Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Thu Aug 26 19:45:39 2021 +0300 fix bug commit 9f2b70719a24aab827c2dc300fc94bf2202527a7 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Thu Aug 26 19:07:17 2021 +0300 fixes commit e79f0e620844531a737fff5a88f5c2cffc403f51 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Thu Aug 26 18:35:32 2021 +0300 more documentation to god of documentation commit 47790964ed05f50c075f6b6497b1517b0d974bea Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Thu Aug 26 18:23:08 2021 +0300 changed var named && fixed description commit d35de5a34eafb3ffbd1148982dd31735a2000377 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Thu Aug 26 18:11:13 2021 +0300 revert locales commit 514ab1a5d90039bf9aad1389dd0ed966fd1a7e65 Merge: 5d9b992a 16092e8b Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Thu Aug 26 14:41:27 2021 +0300 Merge branch 'master' into 1898-hide-private-key commit 5d9b992a236dec276a46a035509da6938a7da7bf Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Thu Aug 26 14:41:13 2021 +0300 here we go again commit 2e7b30df5f19953f4e055394083be62b23028ad6 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Fri Aug 20 17:11:49 2021 +0300 update deps commit 5e58c3e22a77c42f321deb9707f34f031b345d75 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Fri Aug 20 17:10:19 2021 +0300 small fix commit c2096377de0a8ecf4f36567322ad9171c5fb5ab2 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Fri Aug 20 17:07:45 2021 +0300 fixes && updated translations commit ada2d4784e6288b1740b8564b6ffc1ef8f0dcf68 Merge: dc5ce072 550b1798 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Fri Aug 20 13:17:34 2021 +0300 Merge branch 'master' into 1898-hide-private-key commit dc5ce0721b5c095ed79f2a302ad90d9616785f93 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Fri Aug 13 20:12:18 2021 +0300 tls: hide saved private key If private key saved as a string, then hide it from the answer to UI
2021-08-27 13:42:31 +03:00
parent 756c70644d
commit 8454e65cd9
15 changed files with 476 additions and 309 deletions
--- a/openapi/CHANGELOG.md
+++ b/openapi/CHANGELOG.md
@@ -4,6 +4,13 @@

 ## v0.107: API changes

+### The new field `"private_key_saved"` in `TlsConfig`
+
+* The new field `"private_key_saved"` in `POST /control/tls/configure`,
+`POST /control/tls/validate` and `GET /control/tls/status` is true if the
+private key was previously saved as a string and now the private key omitted
+from communication between server and client due to security issues.
+
 ### The new field `"cache_optimistic"` in DNS configuration

 * The new optional field `"cache_optimistic"` in `POST /control/dns_config`
--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@@ -2075,6 +2075,14 @@
        'private_key':
          'type': 'string'
          'description': 'Base64 string with PEM-encoded private key'
+        'private_key_saved':
+          'type': 'boolean'
+          'example': true
+          'description': >
+            Set to true if the user has previously saved a private key as
+            a string.  This is used so that the server and the client don't
+            have to send the private key between each other every time,
+            which might lead to security issues.
        'certificate_path':
          'type': 'string'
          'description': 'Path to certificate file'