Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS support #7

Merged
merged 1 commit into from
Sep 21, 2015
Merged

TLS support #7

merged 1 commit into from
Sep 21, 2015

Conversation

tombee
Copy link
Contributor

@tombee tombee commented Sep 14, 2015

Hey @tianon, let me know what you think of this :) Would appreciate your feedback! 馃惓

tianon
tianon reviewed Sep 15, 2015
View reviewed changes
src/cmd/rawdns/main.go
var err error
tlsConfig, err = loadTLSConfig(config[domain].TLSCACert, config[domain].TLSCert, config[domain].TLSKey, config[domain].TLSVerify)
if err != nil {
log.Fatalf("Unable to load tls config for %s: %s", domain, err)
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you update this to match the prose style of the other Fatalf calls here? ie, error: unable to load tls config for %s: %s\n

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done :)

@tianon
Copy link
Owner

tianon commented Sep 15, 2015

A few minor nits, but otherwise looking good! 馃憤

@tianon
Copy link
Owner

tianon commented Sep 15, 2015

Would you mind also testing this against a TLS-enabled Docker daemon, just to make sure we cover our bases?

@tombee
Copy link
Contributor Author

tombee commented Sep 15, 2015

Will do, thanks for the comments! 馃槃

@tombee
Copy link
Contributor Author

tombee commented Sep 15, 2015

I just tested against a TLS-enabled Docker daemon using the following configuration:

{
    "dockertls.": {
        "type": "containers",
        "socket": "tcp:https://192.168.99.102:2376",
        "tlsverify": true,
        "tlscacert": "/var/lib/boot2docker/ca.pem",
        "tlscert": "/var/lib/boot2docker/server.pem",
        "tlskey": "/var/lib/boot2docker/server-key.pem"
    },
    "local.": {
        "type": "forwarding",
        "nameservers": [ "172.17.42.1" ]
    },
    ".": {
        "type": "forwarding",
        "nameservers": [ "8.8.8.8", "8.8.4.4" ]
    }
}

Works fine:

; <<>> DiG 9.9.5-9+deb8u3-Debian <<>> @172.17.42.1 dns.dockertls
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23827
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;dns.dockertls.         IN  A

;; ANSWER SECTION:
dns.dockertls.      0   IN  A   172.17.0.5

;; Query time: 26 msec
;; SERVER: 172.17.42.1#53(172.17.42.1)
;; WHEN: Tue Sep 15 22:00:20 UTC 2015
;; MSG SIZE  rcvd: 60

@tombee tombee changed the title RFC: TLS support TLS support Sep 15, 2015
@tianon
Copy link
Owner

tianon commented Sep 21, 2015

Nice, LGTM thanks! 馃憤

tianon added a commit that referenced this pull request Sep 21, 2015
@tianon
Merge pull request #7 from tombee/tls
207b9b0 
TLS support
@tianon tianon merged commit 207b9b0 into tianon:master Sep 21, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@tombee @tianon