Closed anujgoyal closed 6 years ago
Hi, Thanks! I initially faced that problem too and the solution is on this page: https://code.kx.com/q/cookbook/ssl/.
Basically, you need to create some certificates.
Create some directory to store your certs and then run these commands there: //Create CA certificate openssl genrsa 2048 > ca-key.pem openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem -extensions usr_cert -subj '/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=examplebrooklyn.com'
//Create server certificate, remove passphrase, and sign it //server-crt.pem = public key, server-key.pem = private key openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem -extensions usr_cert -subj '/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=myname.com' openssl rsa -in server-key.pem -out server-key.pem openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-crt.pem -extensions usr_cert
// Create client certificate, remove passphrase, and sign it // client-crt.pem = public key, client-key.pem = private key openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem -extensions usr_cert -subj '/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=myname.com' openssl rsa -in client-key.pem -out client-key.pem openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-crt.pem -extensions usr_cert
Then, you need to set up some environment variables so that q knows where to get them from.
$ export SSL_CERT_FILE=$HOME/anaconda/ssl/server-crt.pem $ export SSL_KEY_FILE=$HOME/anaconda/ssl/server-key.pem $ export SSL_CA_CERT_FILE=$HOME/anaconda/ssl/cacert.pem $ export SSL_CA_CERT_PATH=$HOME/anaconda/ssl/
Once you have these set appropriately, code should work.
You can confirm that q is picking up correct paths:
q)(-26!)[] SSLEAY_VERSION | OpenSSL 0.9.8zg 14 July 2015 SSL_CERT_FILE | /Users/himanshugupta/anaconda/ssl/server-crt.pem SSL_CA_CERT_FILE | /Users/himanshugupta/anaconda/ssl/cacert.pem SSL_CA_CERT_PATH | /Users/himanshugupta/anaconda/ssl/ SSL_KEY_FILE | /Users/himanshugupta/anaconda/ssl/server-key.pem SSL_CIPHER_LIST | ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:.. SSL_VERIFY_CLIENT| NO SSL_VERIFY_SERVER| YES
Hope that helps!
Your library looks super cool. I happen to be on a Mac - any thoughts on what I need to do?