etcd/pkg
Kelsey Hightower 8dd8b1cdc2 etcd: server SSL and client cert auth configuration is more explicit
etcd does not provide enough flexibility to configure server SSL and
client authentication separately. When configuring server SSL the
`--ca-file` flag is required to trust self-signed SSL certificates
used to service client requests.

The `--ca-file` has the side effect of enabling client cert
authentication. This can be surprising for those looking to simply
secure communication between an etcd server and client.

Resolve this issue by introducing four new flags:

    --client-cert-auth
    --peer-client-cert-auth
    --trusted-ca-file
    --peer-trusted-ca-file

These new flags will allow etcd to support a more explicit SSL
configuration for both etcd clients and peers.

Example usage:

Start etcd with server SSL and no client cert authentication:

    etcd -name etcd0 \
    --advertise-client-urls https://etcd0.example.com:2379 \
    --cert-file etcd0.example.com.crt \
    --key-file etcd0.example.com.key \
    --trusted-ca-file ca.crt

Start etcd with server SSL and enable client cert authentication:

    etcd -name etcd0 \
    --advertise-client-urls https://etcd0.example.com:2379 \
    --cert-file etcd0.example.com.crt \
    --key-file etcd0.example.com.key \
    --trusted-ca-file ca.crt \
    --client-cert-auth

Start etcd with server SSL and client cert authentication for both
peer and client endpoints:

    etcd -name etcd0 \
    --advertise-client-urls https://etcd0.example.com:2379 \
    --cert-file etcd0.example.com.crt \
    --key-file etcd0.example.com.key \
    --trusted-ca-file ca.crt \
    --client-cert-auth \
    --peer-cert-file etcd0.example.com.crt \
    --peer-key-file etcd0.example.com.key \
    --peer-trusted-ca-file ca.crt \
    --peer-client-cert-auth

This change is backwards compatible with etcd versions 2.0.0+. The
current behavior of the `--ca-file` flag is preserved.

Fixes #2499.
2015-03-12 23:09:54 -07:00
coreos main: detects coreos 2015-01-30 12:10:05 -08:00
cors *: switch to line comments for copyright 2015-01-26 09:53:30 -08:00
crc pkg/crc: add test 2015-01-13 11:07:18 -08:00
fileutil *: switch to line comments for copyright 2015-01-26 09:53:30 -08:00
flags pkg/flags: Add support for IPv6 addresses 2015-03-12 11:30:53 +03:00
idutil *: switch to line comments for copyright 2015-01-26 09:53:30 -08:00
ioutil *: switch to line comments for copyright 2015-01-26 09:53:30 -08:00
netutil Treat URLs have same IP address as same 2015-01-27 04:36:41 +09:00
osutil osutil: pid 1 should exit directly instead of trying to kill itself 2015-02-19 20:27:50 -08:00
pbutil *: switch to line comments for copyright 2015-01-26 09:53:30 -08:00
testutil *: switch to line comments for copyright 2015-01-26 09:53:30 -08:00
timeutil *: switch to line comments for copyright 2015-01-26 09:53:30 -08:00
transport etcd: server SSL and client cert auth configuration is more explicit 2015-03-12 23:09:54 -07:00
types *: switch to line comments for copyright 2015-01-26 09:53:30 -08:00
wait Merge pull request #2354 from xiang90/wait_time 2015-02-23 14:29:39 -08:00
README.md pkg: add README.md 2014-10-26 16:28:48 -07:00

README.md

pkg/ is a collection of utility packages used by etcd without being specific to etcd itself. A package belongs here only if it could possibly be moved out into its own repository in the future.