tls_socket: load TLS certs in subdirs (config/tls/sub/*.pem) #3344

Merged
merged 1 commit into from
May 6, 2024

msimerson
Member

@msimerson msimerson commented May 3, 2024

Changes proposed in this pull request:

See the updated TLS docs here

  • tls_socket:
    • get_certs_dir is now async
      • completely refactored.
      • config/tls loading is now recursive
      • watches config/tls for changes
    • getSocketOpts is now async
    • parse_x509 is now async
    • shed dependency on caolan/async & openssl-wrapper
    • certsByHost is now a haraka-note
      • replace saveOpt with haraka-notes
    • SNICallback is now exported, helps with Feature request: Expose SNICallback as a plugin hook #2968
  • outbound: use HarakaMx class for MX objects
  • line_socket: deprecate it everywhere (replaced by net_utils.add_line_processor)
    • remove unused callback
  • outbound/client_pool: don't use line_socket, use tls_socket directly
    • client_pool: sock.name is now JSON of socket args
    • client_pool.get_client & release_client: arity of 5 -> 2

Fixes #3018
Related to #3072

Checklist:

  • docs updated
  • tests updated
  • Changes updated

@msimerson msimerson changed the title from "- tls_socket: load TLS certs in subdirs (config/tls/sub/*" to "tls_socket: load TLS certs in subdirs (config/tls/sub/*.pem)" May 3, 2024
@msimerson msimerson marked this pull request as ready for review May 3, 2024 07:20
- tls_socket:
  - getSocketOpts is now async
  - parse_x509 is now async
  - shed dependency on caolan/async & openssl-wrapper
  - get_certs_dir is now async
    - completely refactored.
    - config/tls loading is now recursive
    - watches config/tls for changes
  - tolerate spaces in CN string
  - replace saveOpt with haraka-notes
  - export SNICallback, should help with #2968
- outbound: use HarakaMx class for MX objects
- line_socket: remove unused callback
- deprecate line_socket
- outbound/client_pool: don't use line_socket, use tls_socket directly
  - client_pool: sock.name is now JSON of socket args
  - client_pool.get_client & release_client: arity of 5 -> 2
- catch ENOENT for config/tls
- doc(tls): updated with TLS dir rules
- workaround for windows * restriction
- tls: remove void returns
@msimerson msimerson merged commit 81c6746 into master May 6, 2024
21 checks passed
@msimerson msimerson deleted the tls_socket-outbound branch May 6, 2024 17:42

Successfully merging this pull request may close these issues.

Add support for kubernetes secret style certificates