-
Notifications
You must be signed in to change notification settings - Fork 440
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[EXPORTER] Add OTLP HTTP SSL support #1793
[EXPORTER] Add OTLP HTTP SSL support #1793
Conversation
There are several compatibility problems when using options of libcurl. And also, there are some SSL options for ALPN, Custom CA, password for certification files, TLS cipher/TLS 1.3 cipher and certification files just for proxy. Some of them also just work on a high version. Can we adapt these options by |
Just a thought, for CURL version 7.70.0 or lesser, if CA certificate for validation is provided as string, we should enforce the SSL handshake to fails, probably by overriding the default system path to read the certificates from: (pseducode) #if LIBCURL_VERSION_NUM >=0x071f00 and ! defined OTEL_HTTPS_INSECURE_ENABLE
if (input_ssl_ca_cert_string.size()) {
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(curl, CURLOPT_CAINFO, "<inaccessible_file>");
curl_easy_setopy(curl, CURLOPT_CANPATH, "<inaccessible_path>");
}
#endif |
Thanks @owent Implemented |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM and thanks.
…ix the unit test in open-telemetry#1793 . Signed-off-by: owent <admin@owent.net>
…ix the unit test in open-telemetry#1793 . Signed-off-by: owent <admin@owent.net>
…ix the unit test in open-telemetry#1793 . Signed-off-by: owent <admin@owent.net>
LGTM too. |
exporters/otlp/include/opentelemetry/exporters/otlp/otlp_http_exporter_options.h
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes are done well. Have few comments, but nothing blocker. Thanks for the PR :)
ext/include/opentelemetry/ext/http/client/curl/http_client_curl.h
Outdated
Show resolved
Hide resolved
use ENABLE_HTTP_SSL_PREVIEW flag use ENABLE_HTTP_SSL_SSL_PREVIEW flag
All comments to date are addressed. Given the size of the patch, waiting for @ThomsonTan and/or @esigo to comment, and will only merge after an ok-to-merge flag. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Thanks for the great work :)
Thanks. Planning to merge after the SIG meeting |
* commit '7887d32da60f54984a597abccbb0c883f3a51649': (82 commits) [RELEASE] Release version 1.9.0 (open-telemetry#2091) Use sdk_start_ts for MetricData start_ts for instruments having cumulative aggregation temporality. (open-telemetry#2086) [SEMANTIC CONVENTIONS] Upgrade to version 1.20.0 (open-telemetry#2088) [EXPORTER] Add OTLP HTTP SSL support (open-telemetry#1793) Make Windows build environment parallel (open-telemetry#2080) make some hints (open-telemetry#2078) Make some targets parallel in CI pipeline (open-telemetry#2076) [Metrics SDK] Implement Forceflush for Periodic Metric Reader (open-telemetry#2064) Upgraded semantic conventions to 1.19.0 (open-telemetry#2017) Bump actions/stale from 7 to 8 (open-telemetry#2070) Include directory path added for Zipkin exporter example (open-telemetry#2069) Ignore more warning of generated protobuf files than not included in `-Wall` and `-Wextra` (open-telemetry#2067) Add `ForceFlush` for all `LogRecordExporter`s and `SpanExporter`s. (open-telemetry#2000) Remove unused 'alerting' section from prometheus.yml in examples (open-telemetry#2055) Clean warnings in ETW exporters (open-telemetry#2063) Fix default value of `OPENTELEMETRY_INSTALL_default`. (open-telemetry#2062) [EXPORTER] GRPC endpoint scheme should take precedence over OTEL_EXPORTER_OTLP_TRACES_INSECURE (open-telemetry#2060) Fix view names in Prometheus example (open-telemetry#2034) Fix some docs typo (open-telemetry#2057) Checking indices before dereference (open-telemetry#2040) ... # Conflicts: # exporters/ostream/CMakeLists.txt # sdk/src/metrics/state/metric_collector.cc # sdk/src/metrics/state/temporal_metric_storage.cc
Fixes #389 Enable http(s) ssl verification for curl based http_client implementation
Fixes #1402 [Trace SDK] OTLP Trace Exporter secure connection configuration options
Fixes #1756 TLS settings for OtlpHttpExporter
Changes in Exporters environment variables
Added all the helpers required to parse experimental TLS environment variables:
// For TLS 1.0, 1.1, 1.2
// For TLS 1.3
Changes in Exporters options
In OtlpHttpExporterOptions, added the following members:
Added a feature flag
ENABLE_OTLP_HTTP_SSL
, because this is an SDK ABI change.In OtlpHttpExporterOptions, added the following members:
Added a sub feature flag
ENABLE_OTLP_HTTP_SSL_TLS
, because this is an SDK ABI change.Likewise for metrics in OtlpHttpMetricExporterOptions
Likewise for logs in OtlpHttpLogRecordExporterOptions
Changes in Http client
Functional tests
Changes in documentation
For significant contributions please make sure you have completed the following items:
CHANGELOG.md
updated for non-trivial changes