Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implementation of the internal TLS registry #39825

Merged
merged 6 commits into from
Jun 4, 2024
Merged

Implementation of the internal TLS registry #39825

merged 6 commits into from
Jun 4, 2024
+12,501 −313

Commits on Jun 3, 2024

  1. Implementation of the internal TLS registry

    @cescoffier
    cescoffier committed Jun 3, 2024
    Configuration menu
    Copy the full SHA
    bf21e62 View commit details
    Browse the repository at this point in the history

  2. Refactor quarkus.tls.trust-all to use new TLS registry 

    This commit replaces the build-time property 'quarkus.tls.trust-all' with a new TLS registry. The previous implementation was potentially problematic, as it could lead to security issues in a production environment.

Please note, this is a breaking change for extensions that use the now-deleted `TlsConfig.java`. However, from a user perspective, the change is seamless. The 'quarkus.tls.trust-all' configuration property has simply transitioned from a build-time to a runtime configuration.
    @cescoffier
    cescoffier committed Jun 3, 2024
    Configuration menu
    Copy the full SHA
    eaa3ffe View commit details
    Browse the repository at this point in the history

  3. Fix TLS management port injection in tests

    @cescoffier
    cescoffier committed Jun 3, 2024
    Configuration menu
    Copy the full SHA
    e502a6f View commit details
    Browse the repository at this point in the history

  4. Allow configuring the primary and management HTTP server using the TL… 

    …S registry

This commit transitions the configuration of the primary and management HTTP servers from `quarkus.http.ssl....` to `quarkus.tls.keystore/truststore/...`. This change provides a more streamlined and intuitive configuration process. The previous approach is still supported.

Additionally, the update introduces support for named configurations, which can be selected using the `quarkus.http.tls-configuration-name` property.
    @cescoffier
    cescoffier committed Jun 3, 2024
    Configuration menu
    Copy the full SHA
    194c87e View commit details
    Browse the repository at this point in the history

  5. Allow configuring the gRPC client using the TLS registry 

    This commit transitions the configuration of the Quarkus (Vert.x based) gRPC client from `quarkus.grpc.clients.<name>.tls....` to `quarkus.tls.keystore/truststore/...`. This change provides a more streamlined and intuitive configuration process. The previous approach is still supported.

Additionally, the update introduces support for named configurations, which can be selected using the `quarkus.grpc.clients.<name>.tls-configuration-name` property.

Note that this change only updates the Quarkus (Vert.x based) gRPC client. The plain gRPC client (using grpc-java) do not use the TLS registry.
    @cescoffier
    cescoffier committed Jun 3, 2024
    Configuration menu
    Copy the full SHA
    f1e99f7 View commit details
    Browse the repository at this point in the history

  6. Add documentation for the centralized TSL configuration 

    It covers the TLS registry, HTTP configuration and gRPC.
    @cescoffier
    cescoffier committed Jun 3, 2024
    Configuration menu
    Copy the full SHA
    bd2d5ef View commit details
    Browse the repository at this point in the history