stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

semi implemented and features implemented save checkpoint

Browse Source
This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
docs/features/unchecked/router/tls-mtls-transport-plugin.md Normal file
View File

@@ -0,0 +1,29 @@
# TLS/mTLS Transport Plugin
## Module
Router
## Status
IMPLEMENTED
## Description
TLS transport wrapping TCP with SslStream, supporting mutual TLS (mTLS) with client certificate validation, certificate hot-reload without connection drops, and configurable cipher suites.
## Implementation Details
- **Modules**: `src/Router/__Libraries/StellaOps.Router.Transport.Tls/`
- **Key Classes**:
- `TlsTransportPlugin` (`src/Router/__Libraries/StellaOps.Router.Transport.Tls/TlsTransportPlugin.cs`) - plugin registration for TLS/mTLS transport
- `TlsTransportServer` (`src/Router/__Libraries/StellaOps.Router.Transport.Tls/TlsTransportServer.cs`) - TLS-wrapped transport server with mTLS support
- `TlsTransportClient` (`src/Router/__Libraries/StellaOps.Router.Transport.Tls/TlsTransportClient.cs`) - TLS-wrapped transport client with client certificate
- `CertificateLoader` (`src/Router/__Libraries/StellaOps.Router.Transport.Tls/CertificateLoader.cs`) - loads certificates from file/store
- `CertificateWatcher` (`src/Router/__Libraries/StellaOps.Router.Transport.Tls/CertificateWatcher.cs`) - watches certificate files for hot-reload without connection drops
- `TlsConnection` (`src/Router/__Libraries/StellaOps.Router.Transport.Tls/TlsConnection.cs`) - TLS connection wrapper
- **Interfaces**: `IRouterTransportPlugin`, `ITransportServer`, `ITransportClient`, `IMicroserviceTransport`
- **Source**: batch_52/file_04.md
## E2E Test Plan
- [ ] Register `TlsTransportPlugin` and verify TLS-encrypted communication between gateway and microservice
- [ ] Enable mTLS and verify client certificate validation rejects connections without valid client certs
- [ ] Replace a server certificate and verify `CertificateWatcher` hot-reloads without dropping active connections
- [ ] Verify cipher suite configuration: restrict to specific ciphers and confirm they are enforced
- [ ] Verify connection fails with expired or self-signed certificates when validation is strict