You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Support client certificates as a method to identify the indexer to RPC/gRPC endpoints. This improves system security and stability by allowing the usage of private RPC endpoints for indexing, decreasing the effectiveness of an attack on the RPC endpoints.
Implementation proposal
Add two optional configuration fields to the node config yaml struct: client_certificate_pem and client_certificate_key.
the value of the first should be a filesystem path pointing to a PEM-encoded certificate file
the value of the second should be a filesystem path pointing to a PEM-encoded private key file with no password
The contents of these files should be validated and callisto should fail to start if they are not PEM files, passworded, mismatched, or unsupported by SSL libraries after decoding.
When initializing the HTTPS and GRPC clients, the certificate and key data should be passed as parameters to the clients, as per those clients' documentation.
This feature can be deemed complete once both RPC and gRPC endpoints configured for client certificate identification are successfully used by callisto.
The text was updated successfully, but these errors were encountered:
Feature description
Support client certificates as a method to identify the indexer to RPC/gRPC endpoints. This improves system security and stability by allowing the usage of private RPC endpoints for indexing, decreasing the effectiveness of an attack on the RPC endpoints.
Implementation proposal
Add two optional configuration fields to the node config yaml struct: client_certificate_pem and client_certificate_key.
the value of the first should be a filesystem path pointing to a PEM-encoded certificate file
the value of the second should be a filesystem path pointing to a PEM-encoded private key file with no password
The contents of these files should be validated and callisto should fail to start if they are not PEM files, passworded, mismatched, or unsupported by SSL libraries after decoding.
When initializing the HTTPS and GRPC clients, the certificate and key data should be passed as parameters to the clients, as per those clients' documentation.
This feature can be deemed complete once both RPC and gRPC endpoints configured for client certificate identification are successfully used by callisto.
The text was updated successfully, but these errors were encountered: