
Add support connection using SSL #308

Closed
LeonidVas opened this issue Jan 19, 2023 · 1 comment

LeonidVas commented Jan 19, 2023

Tarantool EE supports connections with SSL, but tt connect doesn't. It is necessary to add this functionality to tt connect.
The problem is that in this case we have to add the OpenSSL dependency, which will break the static build, and we need to find a way to keep the static build if possible (maybe we need to add some changes to go-tarantool).

oleg-jukovec commented Feb 17, 2023

How to build tt on a local PC:

--- a/magefile.go
+++ b/magefile.go
@@ -32,6 +32,7 @@ const (
 
 var (
     ldflags = []string{
+        "-linkmode=external", "-extldflags", "-static",
         "-s", "-w",
         "-X ${PACKAGE}/version.gitTag=${GIT_TAG}",
         "-X ${PACKAGE}/version.gitCommit=${GIT_COMMIT}",
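Review bot: `-linkmode=external` with `-extldflags -static` goes into the shared `ldflags` list unconditionally, so every build now needs a C toolchain and static libraries, with no way to opt out. Consider appending these three elements only when a static build is requested. The list is also joined with spaces further down (`strings.Join(ldflags, " ")`), so `-extldflags` receives only the single token `-static`; a second external linker flag would have to be quoted into the same element.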
@@ -153,7 +154,7 @@ func Build() error {
     err := sh.RunWith(
         getBuildEnvironment(), goExecutableName, "build",
         "-o", ttExecutableName,
-        "-tags=go_tarantool_ssl_disable",
+        "-tags=netgo,osusergo",
         "-ldflags", strings.Join(ldflags, " "),
         "-asmflags", asmflags,
         "-gcflags", gcflags,
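Review bot: replacing `-tags=go_tarantool_ssl_disable` outright removes the only visible way to build without OpenSSL; make the tag set selectable so a build without SSL stays available. The new `netgo,osusergo` tags switch DNS resolution and user lookup to the pure-Go implementations, which deserves a comment next to the flag, since hosts that rely on NSS modules can resolve names differently with this binary.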
@@ -320,6 +321,6 @@ func getBuildEnvironment() map[string]string {
         "VERSION_LABEL": os.Getenv("VERSION_LABEL"),
         "PWD":           currentDir,
         "CONFIG_PATH":   getDefaultConfigPath(),
-        "CGO_ENABLED":   "0",
+        "CGO_ENABLED":   "1",
     }
 }
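Review bot: `CGO_ENABLED` is hardcoded to `"1"` in `getBuildEnvironment()`, so a caller can no longer get the previous pure-Go build, and cross-compiling now needs a C cross toolchain. Derive the value from the same build option that selects the tags and linker flags, so the three settings cannot drift apart.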
$ wget https://github.com/openssl/openssl/releases/download/openssl-3.0.8/openssl-3.0.8.tar.gz
$ tar -xvf openssl-3.0.8.tar.gz
$ cd openssl-3.0.8/
$ ./Configure --prefix=/tmp/openssl/ no-shared
$ make -j12 && make install
$ CGO_LDFLAGS="-L/tmp/openssl/lib" CGO_CFLAGS="-Wno-deprecated-declarations -I/tmp/openssl/include" mage build
$ ldd tt
	not a dynamic executable
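
The `ldd tt` check that closes the comment above can also be done without running `ldd` against the artifact, by reading the ELF headers directly. This is an added example, not code from tt or its maintainers; `isStatic` and `constructedELF` are hypothetical names, and the two ELF images are constructed sample input.

```go
package main

import (
	"bytes"
	"debug/elf"
	"encoding/binary"
	"fmt"
	"io"
)

// isStatic reports whether an ELF image is statically linked: no runtime
// loader request (PT_INTERP) and no imported shared libraries (DT_NEEDED).
// PT_DYNAMIC alone is not treated as dynamic, so static-pie binaries pass.
func isStatic(r io.ReaderAt) (bool, []string, error) {
	f, err := elf.NewFile(r)
	if err != nil {
		return false, nil, fmt.Errorf("not an ELF image: %w", err)
	}
	libs, err := f.ImportedLibraries()
	if err != nil {
		return false, nil, err
	}
	for _, p := range f.Progs {
		if p.Type == elf.PT_INTERP {
			return false, libs, nil
		}
	}
	return len(libs) == 0, libs, nil
}

// constructedELF builds a minimal ELF64 image (file header plus one program
// header, no sections). It is constructed sample input, not a real binary.
func constructedELF(seg elf.ProgType) []byte {
	hdr := elf.Header64{Type: uint16(elf.ET_EXEC), Machine: uint16(elf.EM_X86_64),
		Version: uint32(elf.EV_CURRENT), Phoff: 64, Ehsize: 64, Phentsize: 56, Phnum: 1}
	copy(hdr.Ident[:], "\x7fELF\x02\x01\x01") // magic, ELFCLASS64, little-endian, EV_CURRENT
	var buf bytes.Buffer
	binary.Write(&buf, binary.LittleEndian, hdr)
	binary.Write(&buf, binary.LittleEndian, elf.Prog64{Type: uint32(seg)})
	return buf.Bytes()
}

func main() {
	for _, seg := range []elf.ProgType{elf.PT_LOAD, elf.PT_INTERP} {
		ok, _, err := isStatic(bytes.NewReader(constructedELF(seg)))
		fmt.Println(seg, "static:", ok, "err:", err)
	}
}
```

To check a real build artifact, pass the `*os.File` returned by `os.Open` to `isStatic`; the returned library list names what a dynamic build would load at run time.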

oleg-jukovec added a commit that referenced this issue Mar 3, 2023
The patch adds options to configure traffic encryption[1]:

--sslkeyfile - a path to a private SSL key file;
--sslcerfile - a path to an SSL certificate file;
--sslcafile  - a path to a trusted certificate authorities (CA) file;
--sslciphers - colon-separated (:) list of SSL cipher suites the
  connection can use;

1. https://www.tarantool.io/en/enterprise_doc/security/#configuration

Part of #308
oleg-jukovec added a commit to tarantool/go-openssl that referenced this issue Mar 3, 2023
The build tag `openssl_static` does not produce a binary with
static linked libcrypto and libssl. The patch fixes it.

Related to tarantool/tt#308
oleg-jukovec added a commit to tarantool/go-openssl that referenced this issue Mar 7, 2023
The build tag `openssl_static` does not produce a binary with
static linked libcrypto and libssl. The patch fixes it.

Related to tarantool/tt#308
oleg-jukovec added a commit to tarantool/go-tarantool that referenced this issue Mar 7, 2023
The patch fixes build on macOS with Apple M1.

Related to tarantool/tt#308
Closes #260
oleg-jukovec added a commit that referenced this issue Mar 10, 2023
The patch adds options to configure traffic encryption[1]:

--sslkeyfile - a path to a private SSL key file;
--sslcerfile - a path to an SSL certificate file;
--sslcafile  - a path to a trusted certificate authorities (CA) file;
--sslciphers - colon-separated (:) list of SSL cipher suites the
  connection can use;

1. https://www.tarantool.io/en/enterprise_doc/security/#configuration

Part of #308
oleg-jukovec added a commit that referenced this issue Mar 10, 2023
3 build options have been added:

- static with statically linked OpenSSL;
- shared with dynamically linked OpenSSL;
- nossl  without OpenSSL;

Closes #308
oleg-jukovec added a commit that referenced this issue Mar 15, 2023
The patch adds options to configure traffic encryption[1]:

--sslkeyfile - a path to a private SSL key file;
--sslcerfile - a path to an SSL certificate file;
--sslcafile  - a path to a trusted certificate authorities (CA) file;
--sslciphers - colon-separated (:) list of SSL cipher suites the
  connection can use;

1. https://www.tarantool.io/en/enterprise_doc/security/#configuration

Part of #308
oleg-jukovec added a commit that referenced this issue Mar 15, 2023
3 build options have been added:

- static with statically linked OpenSSL;
- shared with dynamically linked OpenSSL;
- nossl  without OpenSSL;

Closes #308
oleg-jukovec added a commit that referenced this issue Mar 16, 2023
3 build options have been added:

- static with statically linked OpenSSL;
- shared with dynamically linked OpenSSL;
- nossl  without OpenSSL;

Closes #308
oleg-jukovec added a commit that referenced this issue Mar 16, 2023
3 build options via TT_CLI_BUILD environment variable have been added:

- nocgo  without OpenSSL;
- static with statically linked OpenSSL;
- shared with dynamically linked OpenSSL;

Closes #308
oleg-jukovec added a commit that referenced this issue Mar 17, 2023
The patch adds options to configure traffic encryption[1]:

--sslkeyfile - a path to a private SSL key file;
--sslcerfile - a path to an SSL certificate file;
--sslcafile  - a path to a trusted certificate authorities (CA) file;
--sslciphers - colon-separated (:) list of SSL cipher suites the
  connection can use;

1. https://www.tarantool.io/en/enterprise_doc/security/#configuration

Part of #308
oleg-jukovec added a commit that referenced this issue Mar 17, 2023
3 build options via TT_CLI_BUILD environment variable have been added:

- nocgo  without OpenSSL;
- static with statically linked OpenSSL;
- shared with dynamically linked OpenSSL;

Closes #308
oleg-jukovec added a commit that referenced this issue Mar 20, 2023
3 build options via TT_CLI_BUILD_SSL environment variable have been
added:

- no     without OpenSSL;
- static with statically linked OpenSSL;
- shared with dynamically linked OpenSSL;

Closes #308
LeonidVas pushed a commit that referenced this issue Mar 20, 2023
The patch adds options to configure traffic encryption[1]:

--sslkeyfile - a path to a private SSL key file;
--sslcerfile - a path to an SSL certificate file;
--sslcafile  - a path to a trusted certificate authorities (CA) file;
--sslciphers - colon-separated (:) list of SSL cipher suites the
  connection can use;

1. https://www.tarantool.io/en/enterprise_doc/security/#configuration

Part of #308
oleg-jukovec added a commit to tarantool/go-openssl that referenced this issue Jul 27, 2023
The build tag `openssl_static` does not produce a binary with
static linked libcrypto and libssl. The patch fixes it.

Related to tarantool/tt#308