Add TLS encryption support for TSD connections #186
Commits on Dec 8, 2014
-
Add TLS encryption support for TSD connections
- Enable TLS encryption on TSD connections with command line toggle --tls or --ssl. Since OpenTSDB does not support SSL, this requires a SSL proxy in front of OpenTSDB, such as stunnel or similar - Prefers TLS v1.2 if available (since python 2.7.9), uses TLS v1 otherwise - Add _valid_certificate_name method to SenderThread, for verifying certificate name against hostname. Allows use of wildcard (*) in subdomains, but not in TLD or HOST parts. I.e. *.example.tld allowed - Add command line option --ca-certs for specifying the path to the system ca-certificates file. Checks existence on start up. Defaults to /etc/ssl/certs/ca-certificates.crt - Add EXTRA_ARGS option to init scripts, for specifying extra options like --tls and --ca-certs
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.