Hi Michael, Are you still using http for the transport? If so, I'm sure the http transport available for most the language libraries will work over https by just changing the URL. I don't know about your needs, but for me, thrift over http is about as good as thrift over plain sockets (assuming keep-alive is working so that each request isn't made on its own tcp connection).
I doubt there are plans to introduce SSL socket clients for each library. Remember, Thrift was originally built for communication across an intranet and not really for publicly exposed services. I wonder if you couldn't rig something up with stunnel to satisfy your needs without having to modify any of the thrift clients? Maybe something that looks like: (php page) <--> (thrift socket client) <--> (stunnel instance on same machine) <--> (... untrusted network ...) <--> (cpp daemon w/ ssl patch) Fred On Sun, Apr 18, 2010 at 12:41 AM, Michael Lawson (mshindo) <[email protected]> wrote: > Hi All, > I am using thrift on a couple of projects, and have struck the need to > encrypt communications on one of them. Before moving to thrift management of > this particular application was performed via a built in https server, > however this was not ideal for several obvious reasons. So we have moved to > php for management and use thrift to communicate with the c++ daemon. > > Some of this information being sent is sensitive, and we need to be able to > validate a remote peer. I have looked through Jira and seen that a C++ ssl > patch was written, but am wondering if there is any plans with regards to > making this mainstream along with developing ssl clients in other languages? > > This requirement is relatively important to my product, so if it helps speed > up this process, I am more than happy to lend development time to this > fantastic project. > > Regards, > > -- > Michael Lawson >
