diff options
| -rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-handler.c | 13 | ||||
| -rw-r--r-- | xlators/mgmt/glusterd/src/glusterd.c | 13 |
2 files changed, 18 insertions, 8 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-handler.c b/xlators/mgmt/glusterd/src/glusterd-handler.c index 9e52effa9f3..67f6e9eaf04 100644 --- a/xlators/mgmt/glusterd/src/glusterd-handler.c +++ b/xlators/mgmt/glusterd/src/glusterd-handler.c @@ -3047,6 +3047,19 @@ glusterd_friend_rpc_create (xlator_t *this, glusterd_peerinfo_t *peerinfo, } } + /* Enable encryption for the client connection if management encryption + * is enabled + */ + if (this->ctx->secure_mgmt) { + ret = dict_set_str (options, "transport.socket.ssl-enabled", + "on"); + if (ret) { + gf_log ("glusterd", GF_LOG_ERROR, + "failed to set ssl-enabled in dict"); + goto out; + } + } + ret = glusterd_rpc_create (&peerinfo->rpc, options, glusterd_peer_rpc_notify, peerctx); if (ret) { diff --git a/xlators/mgmt/glusterd/src/glusterd.c b/xlators/mgmt/glusterd/src/glusterd.c index b9a43cd32ce..c6886c1231d 100644 --- a/xlators/mgmt/glusterd/src/glusterd.c +++ b/xlators/mgmt/glusterd/src/glusterd.c @@ -1371,18 +1371,15 @@ init (xlator_t *this) goto out; } + /* Enable encryption for the TCP listener is management encryption is + * enabled + */ if (this->ctx->secure_mgmt) { - /* - * The socket code will turn on SSL based on the same check, - * but that will by default turn on own-thread as well and - * we're not multi-threaded enough to handle that. Thus, we - * override the value here. - */ ret = dict_set_str (this->options, - "transport.socket.own-thread", "off"); + "transport.socket.ssl-enabled", "on"); if (ret != 0) { gf_log (this->name, GF_LOG_ERROR, - "failed to clear own-thread"); + "failed to set ssl-enabled in dict"); goto out; } /* |