Ok, then how about the following set of options: ssl_enabled=[true|false] ssl_key_file=<path_to_secret_key> ssl_cert_file=<path_to_certificate>
Best Regards, Igor On Tue, Nov 14, 2017 at 5:21 PM, Vladimir Ozerov <voze...@gridgain.com> wrote: > I think it would be enough to have a single switch for now. > > On Tue, Nov 7, 2017 at 10:04 PM, Denis Magda <dma...@apache.org> wrote: > > > Igor, > > > > Thanks for the clarification. Please file a ticket if nobody else shares > a > > feedback soon. > > > > — > > Denis > > > > > On Nov 7, 2017, at 1:23 AM, Igor Sapego <isap...@apache.org> wrote: > > > > > > Hi Denis, > > > > > >> Could you explain the difference between “allow, prefer and require” > > > modes? > > > allow - Client will first try connecting without SSL, and then fallback > > to > > > SSL if it is not allowed to connect without SSL; > > > prefer - Client will first try connecting using SSL, and then fallback > to > > > non-SSL if SSL is not supported by the server; > > > disable - Client will only connect using SSL and return error if failed > > to > > > successfully do so. > > > > > >> BTW, do we really need to have the “disable” one? Guess that having > > > ssl_mode set to “disable” will have the same effect as not setting the > > > ssl_mode at all. > > > This is the matter of the default value of the ssl_mode option. The way > > you > > > propose it means that you still has "disable" option, it is just is not > > > explicit. > > > > > > Best Regards, > > > Igor > > > > > > On Fri, Nov 3, 2017 at 10:35 PM, Denis Magda <dma...@apache.org> > wrote: > > > > > >> Hi Igor, > > >> > > >> Could you explain the difference between “allow, prefer and require” > > modes? > > >> > > >> BTW, do we really need to have the “disable” one? Guess that having > > >> ssl_mode set to “disable” will have the same effect as not setting the > > >> ssl_mode at all. > > >> > > >> — > > >> Denis > > >> > > >>> On Nov 3, 2017, at 9:04 AM, Igor Sapego <isap...@apache.org> wrote: > > >>> > > >>> Hi, Igniters, > > >>> > > >>> I'm going to start working on the SSL support for the ODBC > > >>> connection and I need to hear your opinion. > > >>> > > >>> For the client side I'm going to use OpenSSL library [1], which is > > >>> standard de-facto for C/C++ applications. Unfortunately its > > >>> licence is not fully compatible with Apache Licence, so its going > > >>> to require from users to install OpenSSL themselves. > > >>> > > >>> For the driver I'm going to add following options to connection > > >>> string: > > >>> ssl_mode - Determines whether or with what priority a SSL > > >>> connection will be negotiated with the server. Options > > >>> here are disable, allow, prefer, require. > > >>> ssl_key_file - Path to the location for the secret key used for the > > >>> client certificate. > > >>> ssl_cert_file - Path to the file of the client SSL certificate. > > >>> > > >>> If the ssl_mode is not set to "disable" then ODBC driver will > > >>> attempt to find and load OpenSSL library before establishing > > >>> connection. > > >>> > > >>> For the server side there is already SslContextFactory in the > > >>> IgniteConfiguration, which is used by all components to determine > > >>> if the SSL enabled and to figure out connection parameters, so > > >>> I think it's a good idea to just re-use it for the > > >> ClientListenerProcessorю > > >>> > > >>> What do you guys think? > > >>> > > >>> [1] - https://www.openssl.org > > >>> > > >>> Best Regards, > > >>> Igor > > >> > > >> > > > > >
