kafka-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ismael Juma (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KAFKA-3700) CRL support
Date Wed, 11 May 2016 12:20:12 GMT

    [ https://issues.apache.org/jira/browse/KAFKA-3700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15280035#comment-15280035
] 

Ismael Juma commented on KAFKA-3700:
------------------------------------

Thanks for filing the JIRA. Certificate revocation is an area that needs work. Would be interested
in proposing a KIP? See the following for details:

https://cwiki.apache.org/confluence/display/KAFKA/Kafka+Improvement+Proposals

> CRL support
> -----------
>
>                 Key: KAFKA-3700
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3700
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.9.0.1
>            Reporter: Vincent Bernat
>
> Hey!
> Currently, there is no way to specify a CRL to be checked when a client presents its
TLS certificate. Therefore, a revoked certificate is accepted. A CRL can either be provided
as an URL in a certificate but with a private authority, it is more common to have one as
a separate file. A `ssl.crl.location` would come handy to specify a CRL.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message