As a preface, I fundamentally love what has already been achieved with FoundationDB. Constructing a reliable and flexible primitive (KV) and building on top of it feels so clearly the right idea to me. I love that there are hints of BigTable history too.
I’ve been setting up a cluster for FoundationDB on a public cloud and have wanted to add TLS for communication. I have followed the instructions as best I can from FDB’s TLS page but have yet to get success.
The trace reports “FDBLibTLSVerifyCert VerifyError self signed certificate” followed by “TLSConnectionHandshakeError” so I’d imagine I’m just following the setup incorrectly. I also looked at the tests provided in the TLS plugin directory to try to shed some light but that hasn’t led me to success.
Given I’ve produced fdb.pem from scratch using the OpenSSL instructions on that page, can anyone help me with what’s the minimal amount of settings to have my servers and clients communicating using TLS? I may well be failing to set tls_ca_file correctly though I’ve tried a few permutations so far.
If someone helps me even in loose form here I’ll happily update the documentation so you’ll get fewer questions from people like me. Thanks!
P.S. I’ve also found that if the Python client has an issue with forming a connection (either due to TLS or purposefully breaking the cluster file by changing the descriptor for example) then Python will freeze indefinitely and must be Ctrl + Z’ed. I will investigate that further and potentially create an issue.