I can lend support for c++, java and php, I think perhaps these would also be the most requested languages
On Tue, Apr 20, 2010 at 7:51 AM, Mark Slee <ms...@facebook.com> wrote: > Yeah, I think we'd definitely like to have a TSSLSocket implementations in > as many languages as possible. It's obviously a lot more involved in some > than others, especially getting server-side support right, and in C++ > dealing with things like linking in the openssl libs and whatnot. > > There are some other questions around what sort of APIs to support in terms > of using custom certificates/validation, but for a basic PHP client this > should be very easy for someone to whip up in less than a day. > > There's clearly been a lot of interest in these, based upon past threads on > the dev/user lists. HTTPS/stunnel are workable solutions, but I'm sure if > these Transport classes existed, lots of people would start using them. > > Cheers, > mcslee > > -----Original Message----- > From: Michael Lawson (mshindo) [mailto:mich...@sphinix.com] > Sent: Sunday, April 18, 2010 2:15 AM > To: thrift-dev@incubator.apache.org > Subject: Re: SSL > > ssl is the more preferred method, because we also want to use the thrift > api > for a command line interface, which will be in c++. There are pretty simple > ssl api's for php, I dont think it would be much trouble to smash out a > Transport client. > > On Sun, Apr 18, 2010 at 8:24 PM, Fred Potter <fpot...@gmail.com> wrote: > > > Hi Michael, > > > > Are you still using http for the transport? If so, I'm sure the http > > transport available for most the language libraries will work over > > https by just changing the URL. I don't know about your needs, but > > for me, thrift over http is about as good as thrift over plain sockets > > (assuming keep-alive is working so that each request isn't made on its > > own tcp connection). > > > > I doubt there are plans to introduce SSL socket clients for each > > library. Remember, Thrift was originally built for communication > > across an intranet and not really for publicly exposed services. > > > > I wonder if you couldn't rig something up with stunnel to satisfy your > > needs without having to modify any of the thrift clients? > > > > Maybe something that looks like: > > (php page) <--> (thrift socket client) <--> (stunnel instance on same > > machine) <--> (... untrusted network ...) <--> (cpp daemon w/ ssl > > patch) > > > > Fred > > > > On Sun, Apr 18, 2010 at 12:41 AM, Michael Lawson (mshindo) > > <mich...@sphinix.com> wrote: > > > Hi All, > > > I am using thrift on a couple of projects, and have struck the need to > > > encrypt communications on one of them. Before moving to thrift > management > > of > > > this particular application was performed via a built in https server, > > > however this was not ideal for several obvious reasons. So we have > moved > > to > > > php for management and use thrift to communicate with the c++ daemon. > > > > > > Some of this information being sent is sensitive, and we need to be > able > > to > > > validate a remote peer. I have looked through Jira and seen that a C++ > > ssl > > > patch was written, but am wondering if there is any plans with regards > to > > > making this mainstream along with developing ssl clients in other > > languages? > > > > > > This requirement is relatively important to my product, so if it helps > > speed > > > up this process, I am more than happy to lend development time to this > > > fantastic project. > > > > > > Regards, > > > > > > -- > > > Michael Lawson > > > > > > > > > -- > Michael Lawson (mshindo) > -- Michael Lawson (mshindo)
