Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Fix
Priority: Major
Fix Version/s: None
Affects Version/s: Cheshire-Cat
Component/s: memcached
Labels:
None

Triage:
Triaged
Story Points:
1
Is this a Regression?:
Unknown

Description

Currently the filename for the certificate to use for TLS is specified for each of the interfaces in memcached.json so you could in theory have a unique certificate on each of the individual ports you're listening to.

All of the interfaces may be modified dynamically and this adds extra complexity in order to synchonize the internal "cache" of the SSL object used inside memcached to avoid reading and parsing all of the keys evey time we connect to the system.

Given that we only use a SINGLE pair of private key and certificate chain the configuration should be moved off the interface definition and into a new toplevel entry:

"tls" : { "private_key": "/path/to/key", "certificate_chain":"/path/to/certificate" }

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Trond Norbye

Reporter:: Trond Norbye

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 10/Dec/20 12:48 AM

Updated:: 10/Dec/20 2:12 PM

Resolved:: 10/Dec/20 2:12 PM

Gerrit Reviews

There are no open Gerrit changes

Show There are 3 closed Gerrit changes

Hide There are 3 closed Gerrit changes

MB-43202: move tls configuration off interfaces [1/3]: Gerrit Review:

MB-43202: Use new tls configuration in testapp [2/3]: Gerrit Review:

MB-43202: Remove support for keys in interface description [3/3]: Gerrit Review:

TLS private key and certificate should not be specified per interface

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty