@@ -21,18 +21,20 @@ The TLS helper must be on the PATH for the Greengrass nucleus daemons. The
2121binary name must be ` ggl-tls-helper ` . Greengrass nucleus daemons will invoke it
2222by executing ` ggl-tls-helper ` .
2323
24- The helper will be passed the following as its args:
24+ The process invoking the helper must pass the following as its args:
2525
2626- ` --endpoint ` followed by the endpoint to connect to with TLS.
27+ - ` --port ` followed by the port to use for the TCP connection to the endpoint.
2728- ` --private-key ` followed by the ` system.privateKeyPath ` config value.
2829- ` --certificate ` followed by the ` system.certificateFilePath ` config value.
2930- ` --root-ca ` followed by the ` system.rootCaPath ` config value.
3031
31- If Greengrass has proxy configuration, the following environment variables are
32- set: ` ALL_PROXY ` , ` HTTP_PROXY ` , ` HTTPS_PROXY ` , and ` NO_PROXY ` . If proxies are to
33- be supported, these should be used for connecting the the proxy and proxy
34- exceptions. These variables are to be interpreted in the same way as for
35- Greengrass components, and are recognized by libraries like OpenSSL and libcurl.
32+ The invoking process may additionally set the following args:
33+
34+ - ` --proxy ` followed by the proxy HTTP/HTTPS endpoint to use.
35+
36+ When passed a ` --proxy ` arg, the TLS helper MUST either use it for the
37+ connection or exit with a non-zero error code.
3638
3739The TLS helper will also get a control socket at file descriptor ` 3 ` . This will
3840be a unix domain socket. Except in case of an error, the helper MUST use the the
0 commit comments