feat: support tls for pg backend (#6611)

* load tls Signed-off-by: Ruihang Xia <waynestxia@gmail.com> * impl tls Signed-off-by: Ruihang Xia <waynestxia@gmail.com> * pass options Signed-off-by: Ruihang Xia <waynestxia@gmail.com> * implement require mode Signed-off-by: Ruihang Xia <waynestxia@gmail.com> * clean up Signed-off-by: Ruihang Xia <waynestxia@gmail.com> * update config Signed-off-by: Ruihang Xia <waynestxia@gmail.com> * fix clippy Signed-off-by: Ruihang Xia <waynestxia@gmail.com> * default to prefer Signed-off-by: Ruihang Xia <waynestxia@gmail.com> * update example config Signed-off-by: Ruihang Xia <waynestxia@gmail.com> * adjust example config Signed-off-by: Ruihang Xia <waynestxia@gmail.com> * handle client cert and key properly Signed-off-by: Ruihang Xia <waynestxia@gmail.com> * implement verify_ca and verify_full Signed-off-by: Ruihang Xia <waynestxia@gmail.com> * update integration test for config api Signed-off-by: Ruihang Xia <waynestxia@gmail.com> * change config name and default mode Signed-off-by: Ruihang Xia <waynestxia@gmail.com> --------- Signed-off-by: Ruihang Xia <waynestxia@gmail.com>
2026-01-06 21:32:58 +00:00 · 2025-08-03 17:41:08 -07:00
parent 31cb769507
commit 572e29b158
16 changed files with 518 additions and 25 deletions
--- a/tests-integration/tests/http.rs
+++ b/tests-integration/tests/http.rs
@@ -1081,6 +1081,7 @@ runtime_size = 8
 mode = "disable"
 cert_path = ""
 key_path = ""
+ca_cert_path = ""
 watch = false

 [mysql]
@@ -1093,6 +1094,7 @@ keep_alive = "0s"
 mode = "disable"
 cert_path = ""
 key_path = ""
+ca_cert_path = ""
 watch = false

 [postgres]
@@ -1105,6 +1107,7 @@ keep_alive = "0s"
 mode = "disable"
 cert_path = ""
 key_path = ""
+ca_cert_path = ""
 watch = false

 [opentsdb]