author | 2025-03-07 00:37:21 -0500 | |
---|---|---|
committer | 2025-03-25 19:46:00 +0000 | |
commit | e9788d352a24b07f52d4b7c532cb29bc36cb795c (patch) | |
tree | 9bd94ed2db1f3c5972d57ccb39832b288e027022 /vehicle-signals/vehiclesignals.cpp | |
parent | 70f7dcad06d72c8122603861831f088bb065ce1f (diff) |
Rework TLS configuration to allow disablingsalmon
Rework TLS configuration to add an explicit "use-tls" option like
newer clients have, and to make using a CA certificate optional
to allow potentially using issued certificates. The new option
defaults to TLS disabled, which is a breaking change for most
existing configuration files.
Bug-AGL: SPEC-5387
Change-Id: I1e18ffb05c89bd05aba87b39bcfba439cbeb02e5
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Diffstat (limited to 'vehicle-signals/vehiclesignals.cpp')
-rw-r--r-- | vehicle-signals/vehiclesignals.cpp | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/vehicle-signals/vehiclesignals.cpp b/vehicle-signals/vehiclesignals.cpp
index f550955..30a3bd3 100644
--- a/vehicle-signals/vehiclesignals.cpp
+++ b/vehicle-signals/vehiclesignals.cpp
@@ -23,18 +23,23 @@ VehicleSignals::VehicleSignals(const VehicleSignalsConfig &config, QObject *pare
 host += QString::number(m_config.port());
 std::shared_ptr<grpc::Channel> channel;
- if (!m_config.caCert().isEmpty()) {
+ if (m_config.useTls()) {
 qInfo() << "Using TLS";
- grpc::SslCredentialsOptions options;
- options.pem_root_certs = m_config.caCert().toStdString();
- if (!m_config.tlsServerName().isEmpty()) {
- grpc::ChannelArguments args;
- auto target = m_config.tlsServerName();
- qInfo() << "Overriding TLS target name with " << target;
- args.SetString(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, target.toStdString());
- channel = grpc::CreateCustomChannel(host.toStdString(), grpc::SslCredentials(options), args);
+ if (!m_config.caCert().isEmpty()) {
+ qInfo() << "Using CA certificate " << m_config.caCertFileName();
+ grpc::SslCredentialsOptions options;
+ options.pem_root_certs = m_config.caCert().toStdString();
+ if (!m_config.tlsServerName().isEmpty()) {
+ grpc::ChannelArguments args;
+ auto target = m_config.tlsServerName();
+ qInfo() << "Overriding TLS server name with " << target;
+ args.SetString(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, target.toStdString());
+ channel = grpc::CreateCustomChannel(host.toStdString(), grpc::SslCredentials(options), args);
+ } else {
+ channel = grpc::CreateChannel(host.toStdString(), grpc::SslCredentials(options));
+ }
 } else {
- channel = grpc::CreateChannel(host.toStdString(), grpc::SslCredentials(options));
+ channel = grpc::CreateChannel(host.toStdString(), grpc::SslCredentials(grpc::SslCredentialsOptions()));
 }
 } else {
 channel = grpc::CreateChannel(host.toStdString(), grpc::InsecureChannelCredentials());
 |
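Review bot: The final `else` branch now silently builds an `InsecureChannelCredentials()` channel for any existing configuration that sets a CA certificate but not the new use-tls option, so a client that verified the server against its CA before this commit falls back to plaintext with nothing in the log. Since the commit message acknowledges the default is a breaking change, that branch should say so, e.g. `if (!m_config.caCert().isEmpty()) qWarning() << "CA certificate configured but TLS is disabled; connection is unencrypted";`. Separately, in the new `useTls()` path without a CA certificate, a configured `tlsServerName()` is ignored without any message; either apply the `GRPC_SSL_TARGET_NAME_OVERRIDE_ARG` override there as well or log that it has no effect. The constructor begins before this hunk and its body continues past it.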