Return-Path: X-Original-To: apmail-accumulo-notifications-archive@minotaur.apache.org Delivered-To: apmail-accumulo-notifications-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4D5F910B90 for ; Tue, 7 Jan 2014 19:10:01 +0000 (UTC) Received: (qmail 85647 invoked by uid 500); 7 Jan 2014 19:09:53 -0000 Delivered-To: apmail-accumulo-notifications-archive@accumulo.apache.org Received: (qmail 85538 invoked by uid 500); 7 Jan 2014 19:09:52 -0000 Mailing-List: contact notifications-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: jira@apache.org Delivered-To: mailing list notifications@accumulo.apache.org Received: (qmail 85491 invoked by uid 99); 7 Jan 2014 19:09:52 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 Jan 2014 19:09:52 +0000 Date: Tue, 7 Jan 2014 19:09:52 +0000 (UTC) From: "John Vines (JIRA)" To: notifications@accumulo.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (ACCUMULO-1729) ThriftTransport pool does not include ssl options in cache key MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/ACCUMULO-1729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13864567#comment-13864567 ] John Vines commented on ACCUMULO-1729: -------------------------------------- One of the commits made under 1009 > ThriftTransport pool does not include ssl options in cache key > -------------------------------------------------------------- > > Key: ACCUMULO-1729 > URL: https://issues.apache.org/jira/browse/ACCUMULO-1729 > Project: Accumulo > Issue Type: Sub-task > Components: client > Reporter: Keith Turner > Assignee: Michael Berman > Priority: Minor > Fix For: 1.6.0 > > > This ticket was created based on the following [comment|https://issues.apache.org/jira/browse/ACCUMULO-1009?focusedCommentId=13772055&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13772055] from [~mberman] in ACCUMULO-1009. I copied the comment in case the link comment stops working. > {quote} > Multiple ZooKeeperInstances in the same java process with different SSL config (is this possible? It looks like you included ssl options in the Key in ThriftTransportPool?) This could happen if a single process connected to multiple Accumulo instances > {quote} > Generally this should be fine. The cached transports are keyed on (location, timeout, sslEnabled), so if you're connecting to multiple instances from the same process, they should have different locations anyway, so the different SSL settings will be segregated. One potential area for concern is that I'm only using the sslEnabled flag, not the full set of SSL parameters, so if you have connected successfully with some cert, and then in the same process you try to connect with a different cert, you could get a cached, connected transport, even though you might not otherwise trust the remote server (or you might have an invalid client cert, if that's turned on). It seemed to me like this risk was pretty minimal, since you're already in the same process, but if others think it's too big a risk, it would be easy to add all the SSL params to the key. -- This message was sent by Atlassian JIRA (v6.1.5#6160)