search

lightstep / lightstep-tracer-go

The Lightstep distributed tracing library for Go
https://lightstep.com
MIT License
98 stars 54 forks source link

Add ability to configure custom certs with grpc and http clients #201

Closed JulianGriggs closed 5 years ago

JulianGriggs commented 5 years ago

The objective is to be able to support TLS communication with a Satellite signed by a non-system default Root CA.

iredelmeier commented 5 years ago

Argh, "update branch" used a merge commit. @JulianGriggs mind if I revert, rebase, and force push the branch?

Also, are the code changes ready for review? I'm happy to take a look if so :)

JulianGriggs commented 5 years ago

@MatthewDolan @iredelmeier This is ready for review. I tested this via the following:

  1. Generate Certs 
    user:~$ certstrap init --common-name "Satellite Testing Cert Auth"
user:~$ certstrap request-cert --domain "localhost"
user:~$ certstrap sign localhost --CA Satellite_Testing_Cert_Auth
user:~$ cp ./out/localhost.key ./out/localhost.key.pem
user:~$ cp ./out/localhost.crt ./out/localhost.bundle.pem
  2. Deploy local satellite with the new certs (localhost.key.pem and localhost.bundle.pem)
  3. Send secure grpc span 
    user:~$ sendspan -access_token [token] -collector_host localhost -collector_port 9997 -operation_name testGRPCSecure -secure=true -transport grpc -custom_ca_cert_file ./out/Satellite_Testing_Cert_Auth.crt
  4. Send secure http span 
    user:~$ sendspan -access_token [token] -collector_host localhost -collector_port 9997 -operation_name testHTTPSecure -secure=true -transport http -custom_ca_cert_file ./out/Satellite_Testing_Cert_Auth.crt