zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ZOOKEEPER-3160) Custom User SSLContext
Date Tue, 02 Oct 2018 16:16:00 GMT

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-3160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

ASF GitHub Bot updated ZOOKEEPER-3160:
    Labels: features pull-request-available ready-to-commit  (was: features ready-to-commit)

> Custom User SSLContext
> ----------------------
>                 Key: ZOOKEEPER-3160
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3160
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: java client
>    Affects Versions: 3.5.4
>            Reporter: Alex Rankin
>            Priority: Minor
>              Labels: features, pull-request-available, ready-to-commit
> The Zookeeper libraries currently allow you to set up your SSL Context via system properties
such as "zookeeper.ssl.keyStore.location" in the X509Util. This covers most simple use cases,
where users have software keystores on their harddrive.
> There are, however, a few additional scenarios that this doesn't cover. Two possible
ones would be:
>  # The user has a hardware keystore, loaded in using PKCS11 or something similar.
>  # The user has no access to the software keystore, but can retrieve an already-constructed
SSLContext from their container.
> For this, I would propose that the X509Util be extended to allow a user to set a property
such as "zookeeper.ssl.client.context" to provide a class which supplies a custom SSL context.
This gives a lot more flexibility to the ZK client, and allows the user to construct the SSLContext
in whatever way they please (which also future proofs the implementation somewhat).
> I've already completed this feature, and will put in a PR soon for it.

This message was sent by Atlassian JIRA

View raw message