[kea-dev] Cassandra SSL support (peer verify + client cert auth)

Dajka Tamás viper at vipernet.hu
Sun Jan 5 09:41:29 UTC 2020

Sorry, failed to read the dev's manual properly. but my initial question
still stands: is anyone working on something like this?


However I've added the new keywords to the parser files I'm still getting
the following error upon testing:


DHCP6_PARSER_FAIL failed to create or run parser for configuration element
lease-database: invalid value type specified for parameter 'ssl'


(ssl is set as a BOOLEAN type in the parser just like tcp-nodelay, in the
conf its "ssl": true ) What did I overlook?






From: kea-dev [mailto:kea-dev-bounces at lists.isc.org] On Behalf Of Dajka
Sent: Saturday, January 4, 2020 9:34 PM
To: kea-dev at lists.isc.org
Subject: [kea-dev] Cassandra SSL support (peer verify + client cert auth)


Dear Devs,


I'm pretty new to KEA, but really interested :) (had been working with the
"old" dhcpd for a long time).


I'm trying to put together a KEA environment with Cassandra cluster backend,
where I'm using cert based auth. (cqlsh from kea server to remove server
with SSL auth works).


Is anyone working on something like this? The only thing I've seen is an ~2
years old PR from Razvan Becheriu (he did only peer verification).


I've checked the latest code and it does not seem impossible to implement.
I'm willing to do so - already did some starting steps - but the first thing
I bumped into is how to get the new keywords accepted by the config - put
into the dictionaries (dhcp6_parser.cc). If nobody is working on something
like this, I'll continue (but will need some help)


The things I'm planning to accomplish for database config:

-          add new token support for"ssl" (bool), "ssl_ca", "ssl_cert",
"ssl_key", "ssl_password"

-          implement datastex driver's possibilities into cql database

-          modify documentation/examples to reflect the changes


Thanks in advance!







-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-dev/attachments/20200105/0059e72d/attachment-0001.htm>

More information about the kea-dev mailing list