Merge branch 'topic/christian/management-framework-tls'

* topic/christian/management-framework-tls:
  Bump zeek-testing-cluster to pull in WebSocket TLS updates
  Bump zeek-client to pull in TLS config updates
  Management framework: add TLS options for controller's websocket server
Christian Kreibich 2025-08-29 21:53:19 -07:00
commit f38ac30418
6 changed files with 21 additions and 4 deletions

@ -1,3 +1,11 @@
8.1.0-dev.484 | 2025-08-29 21:53:19 -0700
* Bump zeek-testing-cluster to pull in WebSocket TLS updates (Christian Kreibich, Corelight)
* Bump zeek-client to pull in TLS config updates (Christian Kreibich, Corelight)
* Management framework: add TLS options for controller's websocket server (Arne Welzel, Corelight)
8.1.0-dev.480 | 2025-08-29 15:08:29 -0700
* Move benchmarking to Ubnutu 24 task, add to normal PR builds (Tim Wojtulewicz, Corelight)

@ -1 +1 @@
8.1.0-dev.480
8.1.0-dev.484

@ -1 +1 @@
Subproject commit 4440c7a05ba4be229ac88d70e8f4eef2465afc50
Subproject commit 62e91d3abc726c3c17be4d70bb222b29b7bb6476

@ -61,6 +61,14 @@ export {
## for websocket clients.
const default_port_websocket = 2149/tcp &redef;
## TLS options for the controller's WebSocket server. The default is
## to operate unencrypted. To replicate Broker's default encryption
## without endpoint validation, set the
## :zeek:field:`Cluster::WebSocketTLSOptions$ca_file` field to
## "NONE" and :zeek:field:`Cluster::WebSocketTLSOptions$ciphers` to
## "AECDH-AES256-SHA@SECLEVEL=0:AECDH-AES256-SHA:P-384".
const tls_options_websocket = Cluster::WebSocketTLSOptions() &redef;
## Whether the controller should auto-assign Broker listening ports to
## cluster nodes that need them and don't have them explicitly specified
## in cluster configurations.
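
Review bot: The doc comment on tls_options_websocket documents only two setups, the unencrypted default and the Broker-style one "without endpoint validation", and the cipher string it gives for the latter (AECDH at SECLEVEL=0) is anonymous key exchange, so anyone copying it gets encryption with no authentication of the controller. Please state that consequence in the comment itself and add a sentence pointing readers to Cluster::WebSocketTLSOptions for a setup that validates the endpoint, so the only TLS recipe spelled out here is not the unauthenticated one.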

@ -1646,7 +1646,8 @@ event zeek_init()
if ( cni$bound_port != 0/unknown )
{
local ws_opts = Cluster::WebSocketServerOptions($listen_addr=to_addr(cni$address),
$listen_port=cni$bound_port);
$listen_port=cni$bound_port,
$tls_options=Management::Controller::tls_options_websocket);
Cluster::listen_websocket(ws_opts);
websocket_info = fmt("websocket port %s:%s", cni$address, cni$bound_port);
}
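
Review bot: websocket_info is still built as fmt("websocket port %s:%s", cni$address, cni$bound_port) after $tls_options is passed to the listener, so the resulting message reads the same whether the WebSocket server is plaintext or TLS. Since tls_options_websocket defaults to unencrypted, consider including the TLS state in that string so an operator can confirm from the controller's output that a redef actually took effect.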

@ -1 +1 @@
fc635b99a867a925dc23641e5bd37c93306bc981
318f1209d92ca1c5e50c8d39af55e004e506a776