• Kirill Smelkov's avatar
    client: Allow to force TLS via neos:// scheme · 211ec0a7
    Kirill Smelkov authored
    Similarly to how it is done with e.g. http:// and https:// - if neos://
    is given TLS usage is forced and ca/cert/key must be there either in the
    URI itself, or in $NEO_CA, $NEO_CERT and $NEO_KEY environment variables
    mimicking the way how e.g. for https:// TLS credentials are taken from
    host environment, not from the uri.
    
    The latter might be usability convenience, but is also useful for WCFS
    which needs to be able to remove secrets from uri on zurl normalization.
    
    Please see discussion at nexedi/neoppod!18 (comment 184439)
    for details.
    
    /cc @levin.zimmermann
    /reviewed-by @jm
    /reviewed-on nexedi/neoppod!21
    
    (cherry-picked from commit bc3e38ea)
    211ec0a7
zodburi.py 4.26 KB