accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Berman (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ACCUMULO-1009) Support encryption over the wire
Date Fri, 04 Oct 2013 16:09:41 GMT

     [ https://issues.apache.org/jira/browse/ACCUMULO-1009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Michael Berman updated ACCUMULO-1009:
-------------------------------------

    Attachment: ACCUMULO-1009_thriftSsl-2013-10-4.patch

Ok, in an effort to unblock this changeset from the provisioning issue (which I'll file as
a separate issue), I've attached a new patch where CertUtils is pulled out of server and minicluster
has no capability to generate its own certs.

I know [~ctubbsii] wants to switch to using keytool-maven-plugin for the provisioning in our
integration tests, but it doesn't actually support cert generation without JDK 1.7, and my
understanding is that we want to stay 1.6 compatible for the time being.  (It's also not clear
that it supports generating self-signed certs without external tools even then.)  So, for
now, I just moved CertUtils (and the corresponding bouncycastle deps) into a test-only scope.

I've also included an \@Ignored test of our support for SSL config through JSSE system properties,
however, at the moment it appears that setting JSSE system properties breaks ZK connections.
 This seems likely to be related to ZOOKEEPER-1554, but I'll do some more investigation and
comment over there.  So, I know [~ctubbsii] was pretty insistent that we support JSSE config,
but should we include it even though we know it won't work, in anticipation of the ZK issues
getting resolved in the future, or should we pull the support completely until there's a chance
of it actually working?

> Support encryption over the wire
> --------------------------------
>
>                 Key: ACCUMULO-1009
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1009
>             Project: Accumulo
>          Issue Type: New Feature
>            Reporter: Keith Turner
>            Assignee: Michael Berman
>             Fix For: 1.6.0
>
>         Attachments: ACCUMULO-1009_thriftSsl-2013-10-4.patch, ACCUMULO-1009_thriftSsl.patch
>
>
> Need to support encryption between ACCUMULO clients and servers.  Also need to encrypt
communications between server and servers.   
> Basically need to make it possible for users to enable SSL+thrift.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message