This commit adds TLS support to influxdb3 and allows users to pass in a path to a key and cert file with the --tls-key and --tls-cert flags in the serve command. It also adds the ability for every command to specify a certificate authority for requests. This is mostly needed when the cert is self-signed, but there are other use cases for this.

The big thing is that most of our tests now use TLS by default. Included are self-signed certs for localhost and the CA cert included in the commit. Since these are *only* used for testing this should be fine to include, as they are not used in, nor are they intended to be used in, any production system. The expiry has been set for 365 days and the file perms are set to o600 like the original issue mentioned. The tests pass with this restriction.

I've verified that the API works via curl with the self-signed certs, as I did *not* need to pass in the -k option to bypass checking the certs were valid. The same goes for our tests. They use the rootCA.pem file to verify the self-signed cert when connecting and reject it otherwise.

With this, users can be confident that their queries are safely encrypted during transport. Note that TLS works for both FlightSQL and our normal APIs.

Closes #25774

- localhost.key
- localhost.pem
- rootCA.pem