ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Sapego <isap...@apache.org>
Subject Re: SSL for ODBC connection
Date Mon, 20 Nov 2017 08:42:26 GMT
Ok, then how about the following set of options:

ssl_enabled=[true|false]
ssl_key_file=<path_to_secret_key>
ssl_cert_file=<path_to_certificate>


Best Regards,
Igor

On Tue, Nov 14, 2017 at 5:21 PM, Vladimir Ozerov <vozerov@gridgain.com>
wrote:

> I think it would be enough to have a single switch for now.
>
> On Tue, Nov 7, 2017 at 10:04 PM, Denis Magda <dmagda@apache.org> wrote:
>
> > Igor,
> >
> > Thanks for the clarification. Please file a ticket if nobody else shares
> a
> > feedback soon.
> >
> > —
> > Denis
> >
> > > On Nov 7, 2017, at 1:23 AM, Igor Sapego <isapego@apache.org> wrote:
> > >
> > > Hi Denis,
> > >
> > >> Could you explain the difference between “allow, prefer and require”
> > > modes?
> > > allow - Client will first try connecting without SSL, and then fallback
> > to
> > > SSL if it is not allowed to connect without SSL;
> > > prefer - Client will first try connecting using SSL, and then fallback
> to
> > > non-SSL if SSL is not supported by the server;
> > > disable - Client will only connect using SSL and return error if failed
> > to
> > > successfully do so.
> > >
> > >> BTW, do we really need to have the “disable” one? Guess that having
> > > ssl_mode set to “disable” will have the same effect as not setting the
> > > ssl_mode at all.
> > > This is the matter of the default value of the ssl_mode option. The way
> > you
> > > propose it means that you still has "disable" option, it is just is not
> > > explicit.
> > >
> > > Best Regards,
> > > Igor
> > >
> > > On Fri, Nov 3, 2017 at 10:35 PM, Denis Magda <dmagda@apache.org>
> wrote:
> > >
> > >> Hi Igor,
> > >>
> > >> Could you explain the difference between “allow, prefer and require”
> > modes?
> > >>
> > >> BTW, do we really need to have the “disable” one? Guess that having
> > >> ssl_mode set to “disable” will have the same effect as not setting
the
> > >> ssl_mode at all.
> > >>
> > >> —
> > >> Denis
> > >>
> > >>> On Nov 3, 2017, at 9:04 AM, Igor Sapego <isapego@apache.org>
wrote:
> > >>>
> > >>> Hi, Igniters,
> > >>>
> > >>> I'm going to start working on the SSL support for the ODBC
> > >>> connection and I need to hear your opinion.
> > >>>
> > >>> For the client side I'm going to use OpenSSL library [1], which is
> > >>> standard de-facto for C/C++ applications. Unfortunately its
> > >>> licence is not fully compatible with Apache Licence, so its going
> > >>> to require from users to install OpenSSL themselves.
> > >>>
> > >>> For the driver I'm going to add following options to connection
> > >>> string:
> > >>> ssl_mode - Determines whether or with what priority a SSL
> > >>>   connection will be negotiated with the server. Options
> > >>>   here are disable, allow, prefer, require.
> > >>> ssl_key_file - Path to the location for the secret key used for the
> > >>>   client certificate.
> > >>> ssl_cert_file - Path to the file of the client SSL certificate.
> > >>>
> > >>> If the ssl_mode is not set to "disable" then ODBC driver will
> > >>> attempt to find and load OpenSSL library before establishing
> > >>> connection.
> > >>>
> > >>> For the server side there is already SslContextFactory in the
> > >>> IgniteConfiguration, which is used by all components to determine
> > >>> if the SSL enabled and to figure out connection parameters, so
> > >>> I think it's a good idea to just re-use it for the
> > >> ClientListenerProcessorю
> > >>>
> > >>> What do you guys think?
> > >>>
> > >>> [1] - https://www.openssl.org
> > >>>
> > >>> Best Regards,
> > >>> Igor
> > >>
> > >>
> >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message