feat(rpc): add https support #1861
Conversation
shamardy
requested review from
ca333,
DeckerSU,
smk762,
onur-ozkan and
borngraced
shamardy
added
in progress
There was a problem hiding this comment.
This looks good to me.
The last suggestion I would say for this PR, please have 3 seperated commits:
1: Port acceptor and builders with containing ported from https://github.com/rustls/hyper-rustls/tree/286e1fa57ff5cac99994fab355f91c3454d6d83d this commit description
2- Do the changes on these ported modules
3- All the rest of the work.
In the worst-case scenario, by having incremental changes starting from https://github.com/rustls/hyper-rustls/tree/286e1fa57ff5cac99994fab355f91c3454d6d83d in the ported source code, the developers will be able to easily understand and quickly identify the patches we have applied. It is important to keep these commits separate and preserve them in our commit history. Otherwise, it would be exhausting to compare and match the correct version/commit in the source code with the corresponding modules in our ported code.
That's a really neat idea, these should be the guidelines for any ported code to mm2. I will do it this way and force push the changes. I will also add these suggestions to contribution guidelines later. |
shamardy
added
in progress
|
You would need to rebase the PR and have proper commit history since we will not squash this one on merge |
…/native_tls/builder.rs from https://github.com/rustls/hyper-rustls/tree/286e1fa57ff5cac99994fab355f91c3454d6d83d src/acceptor.rs and src/acceptor/builder.rs
- add the required deps for native_tls to mm2_net/Cargo.toml - expose TlsStream and add remote_addr to it - format the ported code
Done, now I have 1 commit for the porting, 1 for the changes of the ported code and 1 for the rest of work in mm2. @borngraced can you please do a final review if you have more comments? |
This PR adds a new mm2 config parameter
https. When this parameter is set to true, mm2 automatically generates a self-signed certificate internally if no certificate and private key file is found in either the specified paths (MM_CERT_PATHandMM_CERT_KEY_PATH) as defined in the environment variables or if nocert.pemandkey.pemfiles are found in the same directory as the compiled mm2 binary (similar to how coins file works).For the self-signed certificate, the default SANs (Subject Alternative Names) used are
localhostand127.0.0.1, these are set ifalt_namesis not specified in mm2 config.alt_namestakes an array of strings specifying the desired SANs.After certificates are loaded, the mm2 service/server is then executed in HTTPS mode, enabling secure communication between the client and server using Transport Layer Security (TLS). This ensures that all requests and responses are encrypted, providing enhanced security for the API.
When
httpsis not set, it defaults to false and the mm2 service is executed in HTTP as it was before this PR to maintain backward compatibility for clients relying on it.Please note that disabling certificate verification/validation is required by the client for requests to work in https mode if self-signed certificates where used.
New dependencies:
pem v1.1.1rcgen v0.10.0yasna v0.5.2dependency update:
rustls-pemfile 1.0.0 -> 1.0.2