Posted to commits@couchdb.apache.org by rn...@apache.org on 2016/04/30 00:13:01 UTC
couchdb commit: updated refs/heads/encrypted-rpc to c08961e
Repository: couchdb
Updated Branches:
refs/heads/encrypted-rpc [created] c08961e35
Configure CouchDB for encrypted traffic all over
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/c08961e3
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/c08961e3
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/c08961e3
Branch: refs/heads/encrypted-rpc
Commit: c08961e3540f3ecf4ec2e6f99089b8d2133114df
Parents: 9f4103f
Author: Robert Newson <rn...@apache.org>
Authored: Fri Apr 29 22:57:01 2016 +0100
Committer: Robert Newson <rn...@apache.org>
Committed: Fri Apr 29 23:12:07 2016 +0100
----------------------------------------------------------------------
.gitignore | 2 ++
Makefile | 14 +++++++++++++-
rel/overlay/etc/vm.args | 6 ++++++
3 files changed, 21 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/c08961e3/.gitignore
----------------------------------------------------------------------
diff --git a/.gitignore b/.gitignore
index 77ae520..0c901ef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,3 +31,5 @@ src/couch/priv/couchspawnkillable
.rebar
bin/
apache-couchdb-*/
+
+*.pem
http://git-wip-us.apache.org/repos/asf/couchdb/blob/c08961e3/Makefile
----------------------------------------------------------------------
diff --git a/Makefile b/Makefile
index cefc5da..40399ae 100644
--- a/Makefile
+++ b/Makefile
@@ -63,7 +63,7 @@ help:
.PHONY: couch
# target: couch - Build CouchDB core
-couch: config.erl
+couch: certs config.erl
@COUCHDB_VERSION=$(COUCHDB_VERSION) $(REBAR) compile
@cp src/couch/priv/couchjs bin/
@@ -299,6 +299,7 @@ clean:
@rm -f src/couch/priv/couchspawnkillable
@rm -f src/couch/priv/couch_js/config.h
@rm -f dev/boot_node.beam dev/pbkdf2.pyc log/crash.log
+ @rm -r *.pem
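Review bot: The added `@rm -r *.pem` line makes `make clean` fail whenever no .pem file exists — on a fresh checkout or on any second `make clean` the glob stays unexpanded, rm exits non-zero, and because the line carries no `-` prefix the target aborts at that point. The generated files are regular files, so `-r` is not needed; `@rm -f *.pem` matches the `rm -f` form used on the neighbouring lines and is idempotent. The clean target's body starts outside the hunk.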
.PHONY: distclean
@@ -362,3 +363,14 @@ ifeq ($(with_fauxton), 1)
@echo "Building Fauxton"
@cd src/fauxton && npm install --production && ./node_modules/grunt-cli/bin/grunt couchdb
endif
+
+certs: ecc_cert.pem
+
+%_cert.pem: %_key.pem %_csr.pem
+ @openssl req -x509 -days 99999 -key $*_key.pem -in $*_csr.pem -out $@
+
+%_csr.pem: %_key.pem
+ @openssl req -new -key $< -out $@ -subj "/O=Apache Software Foundation/OU=Apache CouchDB"
+
+ecc_key.pem:
+ @openssl ecparam -genkey -name prime256v1 -out ecc_key.pem
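Review bot: The `ecc_key.pem` recipe writes the private key with the caller's default umask, so the key that vm.args later loads for distribution TLS is typically created world-readable; restrict it in the same recipe, e.g. `@umask 077 && openssl ecparam -genkey -name prime256v1 -out $@` (or follow with `@chmod 600 $@`), and use `$@` rather than repeating the file name. `-days 99999` in the `%_cert.pem` rule yields a certificate valid for roughly 274 years; that is acceptable for a throwaway development cert, but since `couch` now pulls in `certs` on every build, a comment such as `# target: certs - Generate a self-signed dev certificate for encrypted RPC; not for production` would make the intent explicit. `certs` itself is a name rather than a file, so it should also be declared with `.PHONY: certs`, matching the `.PHONY: couch` convention used elsewhere in this Makefile.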
http://git-wip-us.apache.org/repos/asf/couchdb/blob/c08961e3/rel/overlay/etc/vm.args
----------------------------------------------------------------------
diff --git a/rel/overlay/etc/vm.args b/rel/overlay/etc/vm.args
index b69ad82..462195e 100644
--- a/rel/overlay/etc/vm.args
+++ b/rel/overlay/etc/vm.args
@@ -31,5 +31,11 @@
# Start a pool of asynchronous IO threads
+A 16
+# Encrypt the RPC traffic
+-proto_dist inet_tls
+-ssl_dist_opt server_certfile "ecc_cert.pem"
+-ssl_dist_opt server_keyfile "ecc_key.pem"
+-ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true
+
# Comment this line out to enable the interactive Erlang shell on startup
+Bd -noinput
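Review bot: The new `-ssl_dist_opt` lines configure only the server certificate and key, so distribution traffic is encrypted but neither side verifies its peer — no `server_verify`/`client_verify`, no `server_cacertfile`/`client_cacertfile` and no `client_certfile`/`client_keyfile` is set, which leaves node admission resting on the Erlang cookie alone and the TLS handshake unable to detect a substituted endpoint. If authenticated links are the goal, add `-ssl_dist_opt server_verify verify_peer server_fail_if_no_peer_cert true client_verify verify_peer` together with the CA file options, and give the client side a certificate as well. The cert and key paths are relative (`"ecc_cert.pem"`), so they are resolved against the working directory of the started node rather than the release's etc directory; an absolute path, or one rooted at the release, avoids a silent startup failure when CouchDB is launched from elsewhere. The Makefile hunk in this commit generates the files at the repository root, and nothing visible here copies them into the release tree — worth confirming against the release target, which is outside this diff.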