<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><div><span style="background-color: rgba(255, 255, 255, 0);">Hi,</span></div><div><span style="background-color: rgba(255, 255, 255, 0);"><br></span></div><div><span style="background-color: rgba(255, 255, 255, 0);">"Endpoint" in this context means "twisted endpoint". Twisted endpoints provide an abstract (but not too abstract) means for doing things like listening and connecting, and include TLS support.</span></div><div><span style="background-color: rgba(255, 255, 255, 0);"><br></span></div><div><a href="https://twistedmatrix.com/documents/current/core/howto/endpoints.html" style="background-color: rgba(255, 255, 255, 0);"><font color="#000000">https://twistedmatrix.com/documents/current/core/howto/endpoints.html</font></a></div><div><span style="background-color: rgba(255, 255, 255, 0);"><br></span></div><div><span style="background-color: rgba(255, 255, 255, 0);">An example (minimally specified) TLS endpoint: <code class="docutils literal">tls:example.com:443</code>.</span></div><div><span style="background-color: rgba(255, 255, 255, 0);"><br></span></div><div><span style="background-color: rgba(255, 255, 255, 0);">Note: we tend to use UNIX domain sockets much more than TCP these days, and I don't believe I've ever tested TLS from CalendarServer to Postgres, but it should work if Postgres is configured correctly and you do the right stuff with certs, etc.</span></div><div><span style="background-color: rgba(255, 255, 255, 0);"><br></span></div><div><span style="background-color: rgba(255, 255, 255, 0);">To answer your question, I think the adoption of endpoints by CalendarServer was intended to reap the benefits of endpoints over the previous connection handling code, and omission of a separate TLS parameter is a side effect.</span></div><div><span style="background-color: rgba(255, 255, 255, 0);"><br></span></div><div><span style="background-color: rgba(255, 255, 255, 0);">-dre</span></div><div><span style="background-color: rgba(255, 255, 255, 0);"><br></span><div id="AppleMailSignature"><span style="background-color: rgba(255, 255, 255, 0);">Sent from my iPhone</span></div></div></div><div><br>On Jun 2, 2016, at 8:48 AM, Axel Rau <<a href="mailto:Axel.Rau@chaos1.de">Axel.Rau@chaos1.de</a>> wrote:<br><br></div><blockquote type="cite"><div><span> "DatabaseConnection": { # Used to connect to an external database if DBType is non-empty</span><br><span> "endpoint": "", # Database connection endpoint</span><br><span> "database": "", # Name of database or Oracle SID</span><br><span> "user": "", # User name to connect as</span><br><span> "password": "", # Password to use</span><br><span> },</span><br><span>Is this intentional to omit the ssl parameter here?</span><br><span></span><br><span>Axel</span><br><span>---</span><br><span>PGP-Key:29E99DD6 ☀ computing @ chaos claudius</span><br><span></span><br><span>_______________________________________________</span><br><span>calendarserver-dev mailing list</span><br><span><a href="mailto:calendarserver-dev@lists.macosforge.org">calendarserver-dev@lists.macosforge.org</a></span><br><span><a href="https://lists.macosforge.org/mailman/listinfo/calendarserver-dev">https://lists.macosforge.org/mailman/listinfo/calendarserver-dev</a></span><br></div></blockquote></body></html>