From 9cbc2ed20f710326d16e8fe7357999eaa3f90142 Mon Sep 17 00:00:00 2001
From: наб
Date: Thu, 13 May 2021 06:21:35 +0200
Subject: libzfs: add keylocation=https://, backed by fetch(3) or libcurl
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add support for http and https to the keylocation property to allow encryption keys to be fetched from the specified URL.

Reviewed-by: Brian Behlendorf
Reviewed-by: Ryan Moeller
Signed-off-by: Ahelenia Ziemiańska
Issue #9543
Closes #9947
Closes #11956
---
 man/man7/zfsprops.7 | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
(limited to 'man')

diff --git a/man/man7/zfsprops.7 b/man/man7/zfsprops.7 index 73e7ed972..8b79603f4 100644 --- a/man/man7/zfsprops.7 +++ b/man/man7/zfsprops.7 @@ -1099,7 +1099,7 @@ Even though the encryption suite cannot be changed after dataset creation, the keyformat can be with .Nm zfs Cm change-key . .It Xo -.Sy keylocation Ns = Ns Sy prompt Ns | Ns Sy file:// Ns Em +.Sy keylocation Ns = Ns Sy prompt Ns | Ns Sy file:// Ns Em Ns | Ns Sy https:// Ns Em
| Ns Sy http:// Ns Em
.Xc Controls where the user's encryption key will be loaded from by default for commands such as @@ -1126,6 +1126,24 @@ but users should be careful not to place keys which should be kept secret on the command line. If a file URI is selected, the key will be loaded from the specified absolute file path. +If an HTTPS or HTTP URL is selected, it will be GETted using +.Xr fetch 3 , +libcurl, or nothing, depending on compile-time configuration and run-time +availability. +The +.Ev SSL_CA_CERT_FILE +environment variable can be set to set the location +of the concatenated certificate store. +The +.Ev SSL_CA_CERT_PATH +environment variable can be set to override the location +of the directory containing the certificate authority bundle. +The +.Ev SSL_CLIENT_CERT_FILE +and +.Ev SSL_CLIENT_KEY_FILE +environment variables can be set to configure the path +to the client certificate and its key. .It Sy pbkdf2iters Ns = Ns Ar iterations Controls the number of PBKDF2 iterations that a .Sy passphrase -- cgit v1.2.3
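Review bot: In the first hunk (@@ -1099), the changed `.Sy keylocation` synopsis lists `http://` as an equal alternative to `https://`, but a key fetched over plain HTTP crosses the network with neither confidentiality nor server authentication. The property description should say so, in the same spirit as the existing caution about placing secret keys on the command line: one sentence stating that `http://` does not protect the key in transit and that `https://` is the form to use for keys which must stay secret.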
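Review bot: In the second hunk (@@ -1126), "GETted using fetch(3), libcurl, or nothing" does not say what the user sees when the outcome is "nothing"; the paragraph should state how the command behaves when neither backend was compiled in or can be found at run time. The four variables `SSL_CA_CERT_FILE`, `SSL_CA_CERT_PATH`, `SSL_CLIENT_CERT_FILE` and `SSL_CLIENT_KEY_FILE` are also listed without saying which backend honours them; please state whether they apply to fetch(3), to libcurl, or to both, since a CA or client-certificate setting that is silently ignored changes how the key server is authenticated. Minor wording: "can be set to set the location" for `SSL_CA_CERT_FILE` sits awkwardly beside "can be set to override the location" for `SSL_CA_CERT_PATH`; use one phrasing for both.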