ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Denis Magda <dma...@apache.org>
Subject Re: SSL for ODBC connection
Date Fri, 03 Nov 2017 19:35:47 GMT
Hi Igor,

Could you explain the difference between “allow, prefer and require” modes?

BTW, do we really need to have the “disable” one? Guess that having ssl_mode set to “disable”
will have the same effect as not setting the ssl_mode at all.

—
Denis
 
> On Nov 3, 2017, at 9:04 AM, Igor Sapego <isapego@apache.org> wrote:
> 
> Hi, Igniters,
> 
> I'm going to start working on the SSL support for the ODBC
> connection and I need to hear your opinion.
> 
> For the client side I'm going to use OpenSSL library [1], which is
> standard de-facto for C/C++ applications. Unfortunately its
> licence is not fully compatible with Apache Licence, so its going
> to require from users to install OpenSSL themselves.
> 
> For the driver I'm going to add following options to connection
> string:
> ssl_mode - Determines whether or with what priority a SSL
>    connection will be negotiated with the server. Options
>    here are disable, allow, prefer, require.
> ssl_key_file - Path to the location for the secret key used for the
>    client certificate.
> ssl_cert_file - Path to the file of the client SSL certificate.
> 
> If the ssl_mode is not set to "disable" then ODBC driver will
> attempt to find and load OpenSSL library before establishing
> connection.
> 
> For the server side there is already SslContextFactory in the
> IgniteConfiguration, which is used by all components to determine
> if the SSL enabled and to figure out connection parameters, so
> I think it's a good idea to just re-use it for the ClientListenerProcessorю
> 
> What do you guys think?
> 
> [1] - https://www.openssl.org
> 
> Best Regards,
> Igor


Mime
View raw message