zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ivmaykov <...@git.apache.org>
Subject [GitHub] zookeeper issue #184: ZOOKEEPER-236: SSL Support for Atomic Broadcast protoc...
Date Thu, 28 Jun 2018 00:30:18 GMT
Github user ivmaykov commented on the issue:

    https://github.com/apache/zookeeper/pull/184
  
    @anmolnar thanks for the hard work! Our plan is to run this on a real cluster for about
a month, if everything is working well, that will be a pretty good argument for "this code
is ready to be merged to master".
    
    There are 2 pieces of functionality that I would like to add:
    - support for PEM-encoded certs and private keys. I have this working already, just need
to figure out how to stack my PR on top of your PR.
    - re-initialize the SSLContext when the cert file changes, without restarting the server.
Our certs are not very long-lived and are refreshed by a mechanism outside of ZK, so ZK process
may outlive a cert and will need to refresh it. This is not yet done, but I'm starting to
work on it, will send that PR out once it's ready as well.


---

Mime
View raw message