zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hanm <...@git.apache.org>
Subject [GitHub] zookeeper pull request #184: ZOOKEEPER-236: SSL Support for Atomic Broadcast...
Date Sun, 30 Apr 2017 23:07:54 GMT
Github user hanm commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/184#discussion_r114086721
  
    --- Diff: src/java/main/org/apache/zookeeper/common/ZKConfig.java ---
    @@ -107,14 +99,33 @@ private void init() {
          * this configuration.
          */
         protected void handleBackwardCompatibility() {
    -        properties.put(SSL_KEYSTORE_LOCATION, System.getProperty(SSL_KEYSTORE_LOCATION));
    -        properties.put(SSL_KEYSTORE_PASSWD, System.getProperty(SSL_KEYSTORE_PASSWD));
    -        properties.put(SSL_TRUSTSTORE_LOCATION, System.getProperty(SSL_TRUSTSTORE_LOCATION));
    -        properties.put(SSL_TRUSTSTORE_PASSWD, System.getProperty(SSL_TRUSTSTORE_PASSWD));
    -        properties.put(SSL_AUTHPROVIDER, System.getProperty(SSL_AUTHPROVIDER));
             properties.put(JUTE_MAXBUFFER, System.getProperty(JUTE_MAXBUFFER));
             properties.put(KINIT_COMMAND, System.getProperty(KINIT_COMMAND));
             properties.put(JGSS_NATIVE, System.getProperty(JGSS_NATIVE));
    +
    +        ClientX509Util clientX509Util = new ClientX509Util();
    +        putSSLProperties(clientX509Util);
    +        properties.put(clientX509Util.getSslAuthProviderProperty(),
    +                System.getProperty(clientX509Util.getSslAuthProviderProperty()));
    +
    +        putSSLProperties(new QuorumX509Util());
    --- End diff --
    
    Do we need this call here? This function handles backward compatibility between old way
of extracting configs from system properties and the introduce of ZKConfig class (which was
done after client-server SSL was added). Quorum ssl does not exist before, so there is no
need to handle backward compatibility for it.
    
    If the purpose is to populate various system properties of quorum ssl then maybe find
another place to make the initialization call?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message