From: ivmaykov
To: dev@zookeeper.apache.org
Reply-To: dev@zookeeper.apache.org
Subject: [GitHub] zookeeper issue #184: ZOOKEEPER-236: SSL Support for Atomic Broadcast protoc...
Date: Thu, 28 Jun 2018 00:30:18 +0000 (UTC)
Message-Id: <20180628003018.38782E0ABE@git1-us-west.apache.org>

Github user ivmaykov commented on the issue:

https://github.com/apache/zookeeper/pull/184

@anmolnar thanks for the hard work! Our plan is to run this on a real cluster for about a month; if everything is working well, that will be a pretty good argument for "this code is ready to be merged to master".

There are 2 pieces of functionality that I would like to add:

- Support for PEM-encoded certs and private keys. I have this working already, just need to figure out how to stack my PR on top of your PR.
- Re-initialize the SSLContext when the cert file changes, without restarting the server. Our certs are not very long-lived and are refreshed by a mechanism outside of ZK, so the ZK process may outlive a cert and will need to refresh it. This is not yet done, but I'm starting to work on it and will send that PR out once it's ready as well.