Add TLS support for TCP sockets #211
Conversation
|
Hey @moisesguimaraes sorry for the delay. |
|
Hi @jaysonsantos. So far there is no support at all for TLS in python memcached clients. You can follow our research here: https://etherpad.openstack.org/p/oslo-cache-tls-support-worksheet I think working with the context will give more flexibility on which TLS implementation or which TLS options are set in place. It is basically decoupling it and handling it as a dependency injection. Otherwise we would have to have params for keys, certificates, allowed TLS version, allowed cipher suites, and many more TLS options. |
| @@ -30,14 +30,16 @@ def __init__(self, servers=('127.0.0.1:11211',), username=None, | |||
| socket_timeout=SOCKET_TIMEOUT, | |||
| pickle_protocol=0, | |||
| pickler=pickle.Pickler, | |||
| unpickler=pickle.Unpickler): | |||
| unpickler=pickle.Unpickler, | |||
| tls_context=None): | |||
There was a problem hiding this comment.
Hey there, could you also add some info about in on the __doc__?
There was a problem hiding this comment.
Sure, I'm on vacation now and will be back on this task in the first week of January.
|
Hey @moisesguimaraes I've just rebased your branch with master to see how it goes on the tests |
|
The tests are being skipped on travis, is there any way to make them work there? https://travis-ci.org/jaysonsantos/python-binary-memcached/jobs/642982975?utm_medium=notification&utm_source=github_status |
|
Tests are skipped when the Memcached server itself was not built with TLS support. That will take a while, but my team is working on pushing TLS enablement upstream. A way to make it work would be to recompile memcached with --enable-tls. |
In order to test TLS support we need a couple of keys and certs.
TLS tests requires a TLS enabled memcached server. In order to get one, you must compile memcached with `--enable-tls`.
You can get a TLS enabled memcached by compiling it with --enable-tls.
This PR is still a work in progress. I would like to add tests to it before merging.
This change is