mirror of
https://github.com/scylladb/scylladb.git
synced 2026-04-28 12:17:02 +00:00
509a41db04
When Alternator is enabled over HTTPS - by setting the "alternator_https_port" option - it needs to know some SSL-related options, most importantly where to pick up the certificate and key. Before this patch, we used the "server_encryption_options" option for that. However, this was a mistake: Although it sounds like these are the "server's options", in fact prior to Alternator this option was only used when communicating with other servers - i.e., connections between Scylla nodes. For CQL connections with the client, we used a different option - "client_encryption_options". This patch introduces a third option "alternator_encryption_options", which controls only Alternator's HTTPS server. Making it separate from the existing CQL "client_encryption_options" allows both Alternator and CQL to be active at the same time but with different certificates (if the user so wishes). For backward compatibility, we temporarily continue to allow server_encryption_options to control the Alternator HTTPS server if alternator_encryption_options is not specified. However, this generates a warning in the log, urging the user to switch. This temporary workaround should be removed in a future version. This patch also: 1. fixes the test run code (which has an "--https" option to test over https) to use the new name of the option. 2. Adds documentation of the new option in alternator.md and protocols.md - previously the information on how to control the location of the certificate was missing from these documents. Fixes #7204. Signed-off-by: Nadav Har'El <nyh@scylladb.com> Message-Id: <20200930123027.213587-1-nyh@scylladb.com>