Re: [PR] [ISSUE #7861] Allow user can change the tls mode to avoid init ssl context [rocketmq]

Fri, 01 Mar 2024 03:38:36 -0800 


leizhiyuan commented on PR #7862:
URL: https://github.com/apache/rocketmq/pull/7862#issuecomment-1973032651

   > > 不是的吧,现在要么test tls,要么开启读取tls文件 cserwen _**@**_._**> 于 2024年3月1日周五 
下午6:52写道:
   > > […](#)
   > > _**@**_.**_* commented on this pull request. 
------------------------------ In 
proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java
 <[#7862 
(comment)](https://github.com/apache/rocketmq/pull/7862#discussion_r1508823675)>:
 > @@ -220,10 +227,14 @@ private class TlsModeHandler extends 
ByteToMessageDecoder { private final ChannelHandler plaintext; public 
TlsModeHandler(GrpcHttp2ConnectionHandler grpcHandler) { - this.ssl = 
InternalProtocolNegotiators.serverTls(sslContext) + if (sslContext == null) { + 
this.ssl = null; 现在的逻辑应该就是通过 tlsMode 控制的吧,disable 状态 会使用 serverPlaintext() 这个 
sslContext,好像不需要这个优化 — Reply to this email directly, view it on GitHub <[#7862 
(comment)](https://github.com/apache/rocketmq/pull/7862#discussion_r1508823675)>,
 or unsubscribe 
https://github.com/notifications/unsubscribe-auth/AAUPLYDESAEFUEDI6P7IRMDYWBMWHAVCNFSM6AAAAABD3OBX2KVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVS
 XG5CSMV3GSZLXHMYTSMJQHA3DAMZRHE . You are receiving this because you were 
mentioned.Message ID: _**@**_.***>
   > 
   > 你看一下这里的逻辑,
   > 
   > 
https://github.com/apache/rocketmq/blob/cb9ea9efb379c7658f83078e6f7f6be580455ce8/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java#L230
   > 
   > disable 会使用 plaintext,这个应该就是没有开启 ssl? 如果开启了 ssl,是根据 sslContext 
来生成的,sslContext 的构建里又细分为 test 和 配置 两种
   > 
   > 
https://github.com/apache/rocketmq/blob/cb9ea9efb379c7658f83078e6f7f6be580455ce8/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java#L93
   > 
   > 我没有测试过 grpc,remoting 可以这么设置,而且看代码理论上是可以通过设置为 disable 来关闭 ssl 的 @leizhiyuan
   
   启动的时候就报错了。
   
   <img width="831" alt="image" 
src="https://github.com/apache/rocketmq/assets/2684384/dfec20ae-8894-46a7-b261-b78e67b21a9a";>
   
   
   因为tls 不需要开的时候,是不会设置tlsCertPath 和 tlsKeyPath了。decode的时候, 已经运行起来了。


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@rocketmq.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to