Igor, Thanks for the clarification. Please file a ticket if nobody else shares a feedback soon.
— Denis > On Nov 7, 2017, at 1:23 AM, Igor Sapego <isap...@apache.org> wrote: > > Hi Denis, > >> Could you explain the difference between “allow, prefer and require” > modes? > allow - Client will first try connecting without SSL, and then fallback to > SSL if it is not allowed to connect without SSL; > prefer - Client will first try connecting using SSL, and then fallback to > non-SSL if SSL is not supported by the server; > disable - Client will only connect using SSL and return error if failed to > successfully do so. > >> BTW, do we really need to have the “disable” one? Guess that having > ssl_mode set to “disable” will have the same effect as not setting the > ssl_mode at all. > This is the matter of the default value of the ssl_mode option. The way you > propose it means that you still has "disable" option, it is just is not > explicit. > > Best Regards, > Igor > > On Fri, Nov 3, 2017 at 10:35 PM, Denis Magda <dma...@apache.org> wrote: > >> Hi Igor, >> >> Could you explain the difference between “allow, prefer and require” modes? >> >> BTW, do we really need to have the “disable” one? Guess that having >> ssl_mode set to “disable” will have the same effect as not setting the >> ssl_mode at all. >> >> — >> Denis >> >>> On Nov 3, 2017, at 9:04 AM, Igor Sapego <isap...@apache.org> wrote: >>> >>> Hi, Igniters, >>> >>> I'm going to start working on the SSL support for the ODBC >>> connection and I need to hear your opinion. >>> >>> For the client side I'm going to use OpenSSL library [1], which is >>> standard de-facto for C/C++ applications. Unfortunately its >>> licence is not fully compatible with Apache Licence, so its going >>> to require from users to install OpenSSL themselves. >>> >>> For the driver I'm going to add following options to connection >>> string: >>> ssl_mode - Determines whether or with what priority a SSL >>> connection will be negotiated with the server. Options >>> here are disable, allow, prefer, require. >>> ssl_key_file - Path to the location for the secret key used for the >>> client certificate. >>> ssl_cert_file - Path to the file of the client SSL certificate. >>> >>> If the ssl_mode is not set to "disable" then ODBC driver will >>> attempt to find and load OpenSSL library before establishing >>> connection. >>> >>> For the server side there is already SslContextFactory in the >>> IgniteConfiguration, which is used by all components to determine >>> if the SSL enabled and to figure out connection parameters, so >>> I think it's a good idea to just re-use it for the >> ClientListenerProcessorю >>> >>> What do you guys think? >>> >>> [1] - https://www.openssl.org >>> >>> Best Regards, >>> Igor >> >>
