@DifferentialOrange
Owner

No description provided.

@DifferentialOrange force-pushed the gh-22-SSL-support branch 2 times, most recently from 56fc62a to 81ca2dd, August 17, 2022 10:41
igorcoding and others added 3 commits August 19, 2022 20:32
* Fixed an issue with encoding datetimes less than 01-01-1970 (fixes igorcoding#29)
* Fixed "Edit on Github" links in docs (fixes igorcoding#26)

Stream tests use `tarantool -V` output to check version. For Tarantool
Enterprise, `tarantool -V` output is "Tarantool Enterprise <version>",
thus it is incorrect to extract the version tag by splitting by spaces.

Part of igorcoding#22

This patch adds support for using SSL to encrypt the client-server
communications [1]. The patch is based on a similar patch in
tarantool/tarantool-python connector [2].

To use an SSL encrypted connection, use Connection parameters:

  conn = asynctnt.Connection(host='127.0.0.1',
                             port=3301,
                             transport=asynctnt.Transport.SSL,
                             ssl_key_file='./ssl/host.key',
                             ssl_cert_file='./ssl/host.crt',
                             ssl_ca_file='./ssl/ca.crt',
                             ssl_ciphers='ECDHE-RSA-AES256-GCM-SHA384')

If Tarantool server uses "ssl" transport, the client connection also needs to
use asynctnt.Transport.SSL transport. If the server side has ssl_ca_file
set, ssl_key_file and ssl_cert_file are mandatory from the client side,
otherwise optional. CA file and ciphers are optional. See available
ciphers in Tarantool EE documentation [3].

1. https://www.tarantool.io/en/enterprise_doc/security/#enterprise-iproto-encryption
2. tarantool/tarantool-python#220
3. https://www.tarantool.io/en/enterprise_doc/security/#supported-ciphers

Closes igorcoding#22

An SSL encrypted server could be started with Tarantool Enterprise 2.10 or
newer. To configure encryption, additional listen params must be passed.
ssl_key_file and ssl_cert_file are mandatory if transport is
asynctnt.Transport.SSL.

Follows up igorcoding#22

To run SSL tests, use Tarantool Enterprise 2.10 or newer and set
TEST_TT_SSL=TRUE flag. The patch is based on a similar patch in
tarantool/tarantool-python connector [1].

1. tarantool/tarantool-python#220

Follows up igorcoding#22
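
A sketch of how the four client-side SSL parameters named in the commit message above (key file, certificate file, CA file, ciphers) map onto Python's standard `ssl` module, added here as an example; it is not asynctnt's or tarantool-python's code. The function names and the `verify_hostname` keyword are hypothetical, and the no-CA branch shows what an omitted CA file means in this sketch: an encrypted channel with no server authentication.

```python
import ssl


def build_client_context(ssl_key_file=None, ssl_cert_file=None,
                         ssl_ca_file=None, ssl_ciphers=None,
                         verify_hostname=True):
    """Build an ssl.SSLContext from the parameter names in the commit message.

    Hypothetical helper: standard-library sketch, not asynctnt internals.
    verify_hostname is an added keyword, not a Connection parameter.
    """
    # A private key cannot be presented without its certificate.
    if ssl_key_file and not ssl_cert_file:
        raise ValueError("ssl_key_file given without ssl_cert_file")

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

    if ssl_ca_file:
        # Server certificate must chain to this CA.
        ctx.load_verify_locations(cafile=ssl_ca_file)
        ctx.check_hostname = verify_hostname
        ctx.verify_mode = ssl.CERT_REQUIRED
    else:
        # No CA: traffic is encrypted but the server is not authenticated.
        # check_hostname must be cleared before verify_mode can be CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE

    if ssl_cert_file:
        # Client certificate, needed when the server itself verifies clients.
        ctx.load_cert_chain(certfile=ssl_cert_file, keyfile=ssl_key_file)

    if ssl_ciphers:
        # OpenSSL cipher string; raises ssl.SSLError if nothing matches.
        ctx.set_ciphers(ssl_ciphers)
    return ctx


def pre_tls13_cipher_names(ctx):
    """Names of enabled suites below TLS 1.3 (set_ciphers does not touch 1.3)."""
    return sorted(c["name"] for c in ctx.get_ciphers()
                  if c["protocol"] != "TLSv1.3")
```
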