tarantool / tarantool / 18135359398

push

github

ssl: eliminate sensitive data leak in cfg options

Before this patch sensitive ssl data (password, paths to certificates,
path to private key) could leak into log file during configuring
`listen` and `replication` option of box.cfg. This could lead to serious
security risks.

Now we fix this issue by extending the functionality of the
`purge_ensitive_data_from_uri` function so that it can process not only
string uris, but also table uris with `uri` and `params` options. After
this patch next uri parameters will not be printed in log file:
`password` and all params which contain "ssl_" prefix.

Also we rename main cleaner functions so that user can understand that it
can purge not only `uri.password`, but also other sensitive params (e.g.
ssl params).

Needed for tarantool/tarantool-ee#1438

NO_DOC=<ee bugfix>
NO_TEST=<ee bugfix>
NO_CHANGELOG=<ee bugfix>

(cherry picked from commit 23b5585c3)

68949 of 121813 branches covered (56.6%)

101864 of 116529 relevant lines covered (87.42%)

1794450.88 hits per line