Add support for tls #1055
src/source/tcp.rs
Outdated
let tls_acceptor: Option<TlsAcceptor> = conf | ||
.tls | ||
.as_ref() | ||
.and_then(|tls_config| load_server_config(tls_config).ok()) |
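Review bot: the `.ok()` on `load_server_config(tls_config)` in the last line of this chain turns a certificate or key loading error into `None`, the same value `tls_acceptor` has when `conf.tls` is unset, so a source with broken TLS settings cannot be told apart from one that was meant to be plaintext. Return the error from here instead, for example with `conf.tls.as_ref().map(load_server_config).transpose()?`, and fail the source.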
We should fail when the certificates can't be loaded, not silently switch to non-SSL mode. That could be quite confusing for operators and be quite a security issue.
Not sure about this but worth considering, do we need a new TLS acceptor for every connection and pay the cost of loading certificates from disk each time someone connects, or is it something that could be re-used?
I think it would make sense to at least move the load_server_config outside of the spawn and loop, do it once on connector instantiation. That way the instantiation can error when the certificates are not present or bad and fail the connector and we do not have to pay IO cost on every connection.
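The behaviour the comment above asks for, as an added example that is not code from this PR or the project. `TlsConfig`, the struct fields, `read_pem` and the two `acceptor_*` functions are assumptions made for illustration; only the names `load_server_config` and `TlsAcceptor` appear on the page, and the loader here is a std-only stand-in.

```rust
use std::{fs, io, path::{Path, PathBuf}};

// Hypothetical stand-ins for the PR's types; a real TlsAcceptor wraps a
// parsed TLS server configuration, not raw PEM text.
pub struct TlsConfig { pub cert: PathBuf, pub key: PathBuf }
pub struct TlsAcceptor { pub cert_pem: String, pub key_pem: String }

fn read_pem(path: &Path, marker: &str) -> io::Result<String> {
    let pem = fs::read_to_string(path)?;
    if !pem.contains(marker) {
        let msg = format!("{}: no {} block found", path.display(), marker);
        return Err(io::Error::new(io::ErrorKind::InvalidData, msg));
    }
    Ok(pem)
}

// Stand-in loader: reads both files and reports which one is missing or bad.
pub fn load_server_config(c: &TlsConfig) -> io::Result<TlsAcceptor> {
    Ok(TlsAcceptor {
        cert_pem: read_pem(&c.cert, "CERTIFICATE")?,
        key_pem: read_pem(&c.key, "PRIVATE KEY")?,
    })
}

// Pattern from the reviewed snippet: a load error becomes `None`, the same
// value the caller sees when TLS was never configured (plaintext).
pub fn acceptor_fail_open(tls: Option<&TlsConfig>) -> Option<TlsAcceptor> {
    tls.and_then(|c| load_server_config(c).ok())
}

// Fail closed: `Ok(None)` only when TLS is not configured; errors propagate.
pub fn acceptor_fail_closed(tls: Option<&TlsConfig>) -> io::Result<Option<TlsAcceptor>> {
    tls.map(load_server_config).transpose()
}

fn main() {
    // Constructed input: TLS is requested but the files do not exist.
    let cfg = TlsConfig { cert: "missing-cert.pem".into(), key: "missing-key.pem".into() };
    println!("fail-open has acceptor: {}", acceptor_fail_open(Some(&cfg)).is_some());
    match acceptor_fail_closed(Some(&cfg)) {
        Ok(_) => println!("source started"),
        Err(e) => println!("source refused to start: {}", e),
    }
}
```

Calling the fail-closed variant once when the source is instantiated, and sharing the resulting acceptor with the accept loop, makes a bad certificate a start-up error and avoids disk reads per connection.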
Other than the cert loading and a missing stream end this looks great :D! Some nice refactoring of the read_loop and I quite like how good the errors are for the certs!
ee44cf5 to cb2230e
src/source/tcp.rs
Outdated
Ok(tls_stream) => { | ||
read_loop(tls_stream, tx, stream_id, origin_uri).await | ||
} | ||
Err(e) => { |
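Review bot: in the `Err(e)` arm, log `e` along with `origin_uri` before dropping the connection, so that clients failing to establish a TLS stream show up in the logs; that also gives the binding a use.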
Dang, this e is not used.
Err(e) => { | |
Err(_e) => { |
2e6ad5a to a76f081
Signed-off-by: murex971 <nupur202000@gmail.com>
woooh nice!
Signed-off-by: murex971 nupur202000@gmail.com
Pull request
Description
Add support for receiving TLS-encrypted data via TCP onramp