Closed aeijdenberg closed 6 years ago
@aeijdenberg thanks for the PR! A few early feedbacks:
Apparently x509.SystemCertPool()
was added in in Golang 1.7, and I guess the CI is on an older version? Let me know if it's important to support older versions.
Upstream sarama
has now merged the PR I sent to add a function needed for testing.
Have rebased on current master
with a commit to update the vendored version of sarama
, and then squashed the other commits for this change into one, including some basic tests.
Note that I contributed some of those same tests into sarama
as well, so I don't know if we should repeat them here or not.
Apparently x509.SystemCertPool() was added in in Golang 1.7, and I guess the CI is on an older version? Let me know if it's important to support older versions.
@aeijdenberg no, feel free to bump to 1.9.x+tip
@CAFxX - is there anything else that you're waiting for me on?
I think I fixed the last tests (failing on Go 1.6 - by simply excluding Go 1.6 from testing).
Should be OK to merge, I'm just waiting for internal approval to proceed (sorry!)
@aeijdenberg merged and closed, thanks!
@CAFxX - you are most welcome! Now I need to go and finish work on the other side - kafka-boshrelease...
(and make this the default unless opt-in to no TLS)
To see an example of this being used, see https://github.com/govau/kafka-boshrelease/tree/moartls (particularly the example operator files that add it to a
cf-deployment
) - I'm still working out how best to make a PR there.I'm guessing that in order to accept this PR, you might want to flip the default back to current state (ie plaintext), but I thought I'd start with "secure by default", as that seems to match best the "insecure_skip_ssl_verify" and similar flags used elsewhere.