Code Review / aaf / sms.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 9b0c494)
Using SNI for service names to support k8s 05/45305/2
authorKiran Kamineni <kiran.k.kamineni@intel.com>
Mon, 30 Apr 2018 18:14:19 +0000 (11:14 -0700)
committerKiran Kamineni <kiran.k.kamineni@intel.com>
Mon, 30 Apr 2018 23:08:46 +0000 (16:08 -0700)
Using SNI in quorum client connection to
connect to SMS service via https

Issue-ID: AAF-265
Change-Id: I5108e9d734f11a4f74c41a41a2d8cd2f72c62b36
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
sms-service/src/quorumclient/config.json patch | blob | history
sms-service/src/quorumclient/quorumclient.go patch | blob | history

diff --git a/sms-service/src/quorumclient/config.json b/sms-service/src/quorumclient/config.json
index 53cbf41..9afe723 100644 (file)
--- a/sms-service/src/quorumclient/config.json
+++ b/sms-service/src/quorumclient/config.json
@@ -1,5 +1,6 @@
 {
     "url":"https://aaf-sms:10443",
+    "servername":"aaf-sms.api.simpledemo.onap.org",
     "cafile": "cert/aaf_root_ca.cer",
     "clientcert":"client.cert",
     "clientkey":"client.key",
diff --git a/sms-service/src/quorumclient/quorumclient.go b/sms-service/src/quorumclient/quorumclient.go
index 9db6da8..9ef8f00 100644 (file)
--- a/sms-service/src/quorumclient/quorumclient.go
+++ b/sms-service/src/quorumclient/quorumclient.go
@@ -105,12 +105,13 @@ func main() {
 
        //Struct to read json configuration file
        type config struct {
-               BackEndURL string `json:"url"`
-               CAFile     string `json:"cafile"`
-               ClientCert string `json:"clientcert"`
-               ClientKey  string `json:"clientkey"`
-               TimeOut    string `json:"timeout"`
-               DisableTLS bool   `json:"disable_tls"`
+               BackEndURL        string `json:"url"`
+               BackendServerName string `json:"servername"`
+               CAFile            string `json:"cafile"`
+               ClientCert        string `json:"clientcert"`
+               ClientKey         string `json:"clientkey"`
+               TimeOut           string `json:"timeout"`
+               DisableTLS        bool   `json:"disable_tls"`
        }
 
        //Load the config File for reading
@@ -155,6 +156,12 @@ func main() {
                }
        }
 
+       // Allow https connection in k8s where servername does not match
+       // certificate server name
+       if cfg.BackendServerName != "" {
+               transport.TLSClientConfig.ServerName = cfg.BackendServerName
+       }
+
        client := &http.Client{
                Transport: &transport,
        }
Secret Management Service that will contain the webservice as well as client code for managing and accessing secrets.