Skip to content
Find file Blame History Permalink
  • Leigh B Stoller's avatar
    Add SSL support to pubsubd and clusterd. When built with SSL, pubsubd adds · b9db9049
    Leigh B Stoller authored 
    new options:

 -S              Turn on SSL connection handling
 -C              Specify the certificate file for SSL
 -K              Specify the key file for SSL
 -A              Specify the trusted CAs file for SSL
 -P portnum      Listen for SSL enabled connections on this portnum

 The default port number is 16506. At the moment, client verification is
 very specific to our needs; the peer must use the Emulab root certificate,
 not any of the issued certificates, which means only the boss node at the
 remote cluster can talk to us.

 For clusterd:

    -S Connect using SSL to parent server
    -C Specify the certificate file for SSL
    -K Specify the key file for SSL

which allows clusterd to talk to pubsubd using SSL. The local port binding
is not SSL, just the upstream parent connection.
    b9db9049