Clojure:使用aleph连接到TLS启用docker守护进程

Question

我正在尝试使用aleph连接到一个相互认证的Docker守护进程。aleph文档显示，您可以传入netty SSL上下文进行身份验证。看起来我正确地创建了SslContext，但所有请求都已关闭

(require '[aleph.http :as http])
(import '[io.netty.handler.ssl SslContext])
(import '[io.netty.handler.ssl SslProvider]) 
(import '[io.netty.handler.ssl SslContextBuilder])

(def ctx
  (doto (SslContextBuilder/forClient)
        (.keyManager (java.io.File. "certs/cert.pem") 
                     (java.io.File. "certs/client.pkcs8"))
        (.trustManager (java.io.File. "certs/ca.pem"))
        (.build)))

(let [pool (http/connection-pool {:connection-options {:ssl-context ctx}})]
  @(http/get (str "http://" host ":" port "/info") {:pool pool}))

结果为："ExceptionInfo连接已关闭clojure.core/ex-info (core.clj:4617)“

有没有人找到了使用TLS连接的好方法？我尝试过https://github.com/aphyr/less-awful-ssl，但这对netty不太起作用。帮帮我！

Answer 1

发现我创建的SslContext对象是错误的。应该是这样的：

(def ctx
 (.build
  (.keyManager
   (.trustManager (SslContextBuilder/forClient) ca)
   cert client-key)))

;; pass in ssl-context via pool
(let [pool (http/connection-pool {:connection-options {:ssl-context ctx}})]
  (-> @(http/get (str "https://" host ":" port "/info") {:pool pool})
      :body
      bs/to-string))