feat(dgw): generate self-signed certificate when no TLS cert is configured for CredSSP #1682
Pull request overview
This pull request enhances the Devolutions Gateway to automatically generate a self-signed TLS certificate for CredSSP credential injection when neither a CredSSP-specific certificate nor a main TLS certificate is configured. Previously, the gateway would fail with an error when attempting credential injection without a configured TLS certificate. Now, it gracefully handles this scenario by generating a minimal self-signed certificate on-the-fly.
Changes:
- Added automatic self-signed certificate generation for CredSSP when no TLS certificate is configured
- Replaced optional TLS requirement checks with a dedicated non-optional credssp_tls field in the configuration
- Implemented certificate generation using RSA 2048-bit keys with a 2-year validity period
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| devolutions-gateway/src/config.rs | Added credssp_tls field to Conf struct; implemented generate_self_signed_certificate() function; added logic to initialize credssp_tls by either cloning existing TLS config or generating a new self-signed certificate |
| devolutions-gateway/src/rdp_proxy.rs | Changed to use conf.credssp_tls instead of requiring main TLS configuration |
| devolutions-gateway/src/rd_clean_path.rs | Changed to use conf.credssp_tls instead of requiring main TLS configuration |
…gured for CredSSP
When neither a CredSSP-specific certificate nor a main TLS certificate is configured, automatically generate a self-signed certificate for CredSSP credential injection.
b2f8388 to 0e72a4b
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
When neither a CredSSP-specific certificate nor a main TLS certificate is configured, automatically generate a self-signed certificate for CredSSP credential injection.