[WIP]Feat: support TLS configuration in broker/client #166
Conversation
src/groups/mqb/mqbcfg/mqbcfg.xsd
Outdated
| Use the new NTF based TCP transport library instead of | ||
| the existing one based on BTE | ||
| tls.................: |
There was a problem hiding this comment.
Possible to rename this flag to useTls similar to useNtf.
There was a problem hiding this comment.
Yeah useTls is probably better. Also, should this field go inside TlsConfig complex type?
There was a problem hiding this comment.
Yeah
useTlsis probably better. Also, should this field go insideTlsConfigcomplex type?
It's a good question.
We have several possibilities.
- Current structure,
useTlsandtlsConfigsettings are placed in different paths. useTlsis a part oftlsConfig.useTlsis not a part oftlsConfig, but they both are placed near each other inTcpInterfaceConfig.- Implicit approach: no
useTlsflag, optionaltlsConfigpresence is a marker that TLS should be used.
2 and 3 are good for me.
678098
force-pushed
the
T2251_TLS_config
branch
from
80a0466
to
b4f51ab
Compare
src/groups/mqb/mqbcfg/mqbcfg.xsd
Outdated
| <sequence> | ||
| <element name='certificateAuthority' type='string'/> | ||
| <element name='certificate' type='string'/> | ||
| <element name='key' type='string'/> | ||
| </sequence> |
There was a problem hiding this comment.
We should give ourselves some room to specify the exact protocol, in case we want to specific exact versions of the TLS protocol that we want
src/groups/mqb/mqbcfg/mqbcfg.xsd
Outdated
| @@ -97,6 +98,7 @@ | |||
| <element name='plugins' type='tns:Plugins'/> | |||
| <element name='messagePropertiesV2' type='tns:MessagePropertiesV2'/> | |||
| <element name='configureStream' type='boolean' default='false'/> | |||
| <element name="tls" type='tns:TlsConfig' minOccurs='0'/> | |||
There was a problem hiding this comment.
May want to call it tlsConfig or tlsCfg.
More importantly, should this field go inside networkInterfaces or tcpInterface, since it is transport-related?
src/groups/mqb/mqbcfg/mqbcfg.xsd
Outdated
| Use the new NTF based TCP transport library instead of | ||
| the existing one based on BTE | ||
| tls.................: |
There was a problem hiding this comment.
Yeah useTls is probably better. Also, should this field go inside TlsConfig complex type?
678098
force-pushed
the
T2251_TLS_config
branch
from
b4f51ab
to
497427d
Compare
Signed-off-by: Evgeny Malygin <emalygin@bloomberg.net>
Signed-off-by: Evgeny Malygin <emalygin@bloomberg.net>
678098
force-pushed
the
T2251_TLS_config
branch
from
497427d
to
6ff1b8c
Compare
| A path to the FILE, containing the private key that the broker uses | ||
| to read the certificate. | ||
| version..............: | ||
| Protocol version. |
There was a problem hiding this comment.
would be good to give an example of what's expected here e.g. "TLS1.2"
from the point of view of the server you might want to allow a set of versions or at least version 1.2 or greater.
It's good to spec out exactly what this parameter means
There was a problem hiding this comment.
@willhoy we plan to use a list of versions indeed
No description provided.