
Reloading SSL Configuration

Open Hakky54 opened this issue 2 years ago • 0 comments

I discovered that the Vert.x community wants an SSL reloading mechanism from the following 3 issues:

  • https://github.com/eclipse-vertx/vert.x/issues/2870
  • https://github.com/eclipse-vertx/vert.x/issues/3780
  • https://github.com/quarkusio/quarkus/issues/15926

They all have different use cases. Some need to reload the SSL configuration more frequently than others, but the main goal is to have some kind of reloading mechanism without the need to restart the server or recreate the client. A kind developer, @tsaarni, has even created this pull request which does the trick already: https://github.com/eclipse-vertx/vert.x/pull/4372. However, it is limited to a KeyStore/PEM file. The Vert.x core library has two interfaces which need to be supported: TrustOptions and KeyCertOptions, which should return a KeyManager/TrustManager.

I was reading through all of the comments and noticed this one from @vietj, and it seems like he prefers a solution outside of the core library:

ok, I would like to see if we can have it as something more decoupled from vertx core

I even added my input in this issue: https://github.com/eclipse-vertx/vert.x/issues/2870#issuecomment-1100475455. However, there is no follow-up to this day, although the library maintainer appreciated the solution:

thanks @Hakky54

I think we could provide in Vert.x an SPI to integrate Vertx to more easily integrate with SSLContext library

So based on the remarks of @vietj, I thought it would maybe be good to provide additional documentation to the project for this kind of use case. It seems like the maintainer does not want to have this in the core library, but wants to provide it as a separate util library combining other utilities which can be added in the future. I already created a library a couple of years ago which has had this capability since last year, see here: GitHub - SSLContext Kickstart. I also created a reference implementation with a live demo to demonstrate how to configure it and to demonstrate that it is working. So therefore I thought to create a pull request to include code snippets as example SSL configuration to help the end user enable this kind of feature. The core library won't get additional code complexity and also does not need to maintain it. If developers would like to enable this feature, they can just add an additional library. Next to that, by giving control to the end user, he/she can decide when to update the SSL configuration, either via a file listener, scheduled on a fixed interval of minutes, hours, or maybe days, or based on triggers?

This pull request should close the following issues:

  • https://github.com/eclipse-vertx/vert.x/issues/4452
  • https://github.com/eclipse-vertx/vert.x/issues/2870
  • https://github.com/eclipse-vertx/vert.x/issues/3780
  • https://github.com/quarkusio/quarkus/issues/15926

Hakky54, Aug 09 '22 22:08
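
The reloading mechanism the post asks for, sketched in plain JSSE as an added example (it is not code from the post, from Vert.x or from SSLContext Kickstart): a trust manager whose delegate can be replaced while the server or client keeps running. The class name `ReloadableTrustManager`, the PKCS12 store type and the refusal of an empty store are assumptions of this example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

// Hypothetical class: forwards every check to a delegate that reload() can replace at runtime.
public final class ReloadableTrustManager extends X509ExtendedTrustManager {
    private volatile X509ExtendedTrustManager delegate; // volatile: handshake threads see the swap

    public ReloadableTrustManager(Path store, char[] password) throws GeneralSecurityException, IOException {
        reload(store, password);
    }

    // Builds the replacement completely before publishing it, so a corrupt,
    // half-written or empty file throws and the previous trust material stays active.
    public void reload(Path store, char[] password) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS12"); // assumption: PKCS12 trust store
        try (InputStream in = Files.newInputStream(store)) {
            ks.load(in, password);
        }
        if (!ks.aliases().hasMoreElements()) throw new KeyStoreException("refusing to load an empty trust store");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509ExtendedTrustManager) {
                delegate = (X509ExtendedTrustManager) tm; // single atomic publish
                return;
            }
        }
        throw new KeyStoreException("no X509ExtendedTrustManager available");
    }

    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { delegate.checkClientTrusted(c, a); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException { delegate.checkServerTrusted(c, a); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { delegate.checkClientTrusted(c, a, s); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { delegate.checkServerTrusted(c, a, s); }
    @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { delegate.checkClientTrusted(c, a, e); }
    @Override public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { delegate.checkServerTrusted(c, a, e); }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

A file listener or scheduled task, as the post suggests, would call `reload` on the single instance handed to the TLS configuration. A swap only affects handshakes that start after it, so connections already established under the old trust material stay open until they are closed or renegotiated.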