Adds TLS support #122
Adds TLS support #122
Conversation
|
@repejota I've updated this PR to allow a custom stream context to be passed in, allowing any of the TLS options to be configured externally to the library. This has been added to the ConnectionOptions class. Example usage: <?php
require_once __DIR__.'/vendor/autoload.php';
$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'verify_peer', true);
stream_context_set_option($context, 'ssl', 'cafile', '/var/lib/puppet/ssl/certs/ca.pem');
$connectionOptions = new \Nats\ConnectionOptions();
$connectionOptions->setHost('localhost')->setPort(4443)->setStreamContext($context);
$client = new \Nats\Connection($connectionOptions);
$client->connect();
// Simple Subscriber.
$client->subscribe(
'foo',
function ($message) {
printf("Data: %s\r\n", $message->getBody());
}
);
// Wait for 1 message.
$client->wait();
$client->close(); |
| $this->processServerInfo($infoResponse); | ||
| if ($this->serverInfo->isTLSRequired()) { | ||
| set_error_handler( | ||
| function ($errno, $errstr, $errfile, $errline) { |
There was a problem hiding this comment.
@tomponline: Should we include restore_error_handler here (before we throw)? Otherwise once this is caught, we won't have cleaned up the error handler we set, right?
|
So, I've been looking into why this pull request failed. What I suspect might be the cause is a recent commit to NATS (June 21st) adds This code was passing in master, possibly as the Docker image for NATS has been updated since the last commit 68e6d24 (June 9th) which is before the aforementioned commit adding @repejota: Is there a way to -- and would you want to -- restrict which version of the Docker image you are using? As I can't seem to commit directly here, I've prepared a patch file which @tomponline can apply to fix this. |
|
@repejota this has been updated to work with unit tests on latest gnatsd server now, are you OK to merge? |
This reverts commit c604bd3.
This reverts commit b77907a.
This reverts commit b1f925a.
This commit improves support for NATS 1.2.x by checking if several fields; `auth_required`, `tls_required`, and `tls_verify` are set in the initial INFO packet. As of NATS 1.2, these fields aren't always set, which can cause an E_NOTICE to be raised. Without this change, the unit tests are failing because the Docker container has been updated to 1.2.0, and PHPUnit is configured to treat notices as test failures. See: nats-io/nats-server@17fecd4#diff-91bbeda7eb98a7adc57b9e47e2cf5c2b
|
Hi @repejota have you had a chance to look at this since you've come back from holiday? Would be great to get this merged if you're happy with it. Trying to avoid having to fork. Cheers |
|
Awesome thanks @repejota |
|
Gonna be adding a few things (mostly documentation and help files for
github) and will release 0.9 version.
Again thanks for your work mate! :D
…On Wed, Sep 5, 2018 at 2:56 PM TomP ***@***.***> wrote:
Awesome thanks @repejota <https://github.com/repejota>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#122 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AACPQa4gmMnvi0GGPVZ-tF9OkT_UuwRAks5uX8oPgaJpZM4VZlKJ>
.
--
--
Raül Pérez, repejota@gmail.com
|
|
@tomponline this is gold... will implement with our Golang stack and advise |
|
Hi @repejota |
|
@repejota Really need this to go live. We are a company using the package but we cant go to production before TLS is supported. :) |
Hi @repejota
This is my initial commit to implement TLS support as request in #121
Its pretty rough at the moment, e.g. its missing the ability to specify a custom CA cert, and does not verify the server's cert.
However I hope it is a basis for further development and an opportunity to check that you are happy with the approach.
Thanks
Tom