Description
ns_server will be passing in a "-caFile" argument in the command line for XDCR. This will be done as part of supporting node-to-node encryption per MB-47316.
XDCR will need to implement an in-memory cache to store this certificate file.
In addition, XDCR needs to hook up (either using GSI library or our own) with cbauth to observe if TLS config has changed, and re-load the CA File.
The cache will need an API to be able to let XDCR peer-to-peer framework to use and establish TLS connection.
Attachments
Issue Links
- relates to
-
MB-47316 Add support for XDCR transport proxy
- Closed