-
Notifications
You must be signed in to change notification settings - Fork 104
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add TLS support #153
Add TLS support #153
Conversation
This is based on the changes in `gomemcache` PR grobie/gomemcache#2. The original non-TLS behaviour is unchanged, however when `--tls.enable` is given, the net connection is created by the `crypto/tls` module instead of the `net` module. The PR follows a similar setup to the TLS code in `amtool` and left cert/key/ca/servername/insecure-skip-verify configurable. The `ServerName` defaults to the provided address which seems a sensible default. During testing, verification of the server certificates was expecting an IP SAN even when a hostname is provided as the connection address, hence the default. Signed-off-by: Nick Rhodes <nrhodes91@gmail.com>
Signed-off-by: Ben Ye <benye@amazon.com>
Signed-off-by: Ben Ye <benye@amazon.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM although I would prefer if @grobie could merge the TLS support so we don't have to do that replace
+1. If @grobie could help review that patch then it would be really appreciated. |
I'd forgotten about this; thanks for following up. |
Thanks for bringing this up to my attention @matthiasr. I'm very short on time these days, can take over the rest of the review process here? Thanks. |
@grobie Can you please transfer the memcached library to the Prometheus org? |
I think that's a good idea - at least for now. It seems the OG version has woken up recently (but TLS support is still pending, so maybe eventually we can re-merge the two. |
Signed-off-by: Ben Ye <benye@amazon.com>
Follow-up to #153. Signed-off-by: Matthias Rampke <matthias@prometheus.io>
This PR continues the work of @nrhodes91 in #125.
Addressed the review comments in the previous PR and also update the gomemcache package with the required TLS config.