krakow icon indicating copy to clipboard operation
krakow copied to clipboard

Published 20 hours ago verified publisher icon chrisroberts

TLS-support broken

Open toadle opened this issue 9 years ago • 3 comments

I tried to configure krakow using TLS like so:

    consumer = Krakow::Consumer.new(
      :nsqlookupd => 'https://api-ssl.bitly.com/v3/nsq/lookup?access_token=xxx',
      :topic => 'topic,
      :channel => 'channel',
      :connection_options => {
        :features => {
          :tls_v1 => true
        }
      }
    )

and it starts breaking like crazy.

First it misses Celluloid::IO in ssl.rb, probably because require 'celluloid/io' is missing - which is also missing in the gem's dependencies. After that it talks about wanting "a file". Couldn't find a solution for that and gave up...

toadle avatar Mar 24 '15 16:03 toadle

  • [x] add ssl spec coverage
  • [x] update ksocket to support ssl context

chrisroberts avatar Mar 24 '15 17:03 chrisroberts

Have the feature wrapping updated to properly interact with the new ksocket within the krakow internals. I'm still encountering some errors when running the spec to apply the tls upgrade, but it is not consistent, so I'm still chasing down what exactly is causing it:

[nsqd] 2015/04/01 10:07:25.024139 ERROR: client(127.0.0.1:49003) - failed to read command - tls: received record with version 301 when expecting version 302

which then causes nsqd to kill the connection. Once I get that tracked down, this can get wrapped up and released.

chrisroberts avatar Apr 01 '15 17:04 chrisroberts

Any news on this? Difficult to deploy nsq in production if ruby clients can't use TLS..

Soulou avatar Sep 13 '15 21:09 Soulou