PVA: Update to track TLS support in PVXS #2763

kasemir · 2023-08-10T15:11:25Z

Name of settings changed from ..SERVER_KEYSTORE/..CLIENT_TRUSTSTORE to EPICS_PVA(S)_TLS_KEYCHAIN as used by PVXS

If server keychain is configured, server listens on additional TLS port (new EPICS_PVAS_TLS_PORT setting).

If client keychain is configured, searches are issued for both "tcp" and "tls". Server will prefer "tls" but still reply to "tcp" from non-secure clients.

.. if TLS is enabled, otherwise only TCP

kasemir added 9 commits August 3, 2023 16:36

Example for 'certificate authority'

6a49a10

Switch to EPICS_PVA(S)_TLS_KEYCHAIN as used by PVXS

7dccac6

Search uses 'tls' if enabled

812fc47

typos

ab79133

PVA client: Handle both "tcp" and "tls" in search reply

c9f9b70

PVA server replies 'tls' or 'tcp'...

c1d0d7e

Forwarded searches preserve TLS setting of original search

7dc08d4

Server listens on TCP and TLS, allowing both plain and TLS clients

37c4d12

.. if TLS is enabled, otherwise only TCP

PVA client: Start search 'now'

c7943b8

kasemir merged commit 14d5b14 into master Aug 10, 2023
2 checks passed

kasemir deleted the pva_tls branch August 10, 2023 17:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PVA: Update to track TLS support in PVXS #2763

PVA: Update to track TLS support in PVXS #2763

kasemir commented Aug 10, 2023

PVA: Update to track TLS support in PVXS #2763

PVA: Update to track TLS support in PVXS #2763

Conversation

kasemir commented Aug 10, 2023