From: arankin-irl
To: dev@zookeeper.apache.org
Subject: [GitHub] zookeeper pull request #728: ZOOKEEPER-3160: Custom User SSLContext
Date: Mon, 3 Dec 2018 11:15:12 +0000 (UTC)

GitHub user arankin-irl opened a pull request:

https://github.com/apache/zookeeper/pull/728

ZOOKEEPER-3160: Custom User SSLContext

This is a master branch version of: https://github.com/apache/zookeeper/pull/654

The previous PR was for branch 3.5, and couldn't be merged as that branch is closed for new features.

The Zookeeper libraries currently allow you to set up your SSL Context via system properties such as "zookeeper.ssl.keyStore.location" in the X509Util. This covers most simple use cases, where users have software keystores on their hard drive.

There are, however, a few additional scenarios that this doesn't cover. Two possible ones would be:

1. The user has a hardware keystore, loaded in using PKCS11 or something similar.
2. The user has no access to the software keystore, but can retrieve an already-constructed SSLContext from their container.

For this, I would propose that the X509Util be extended to allow a user to set a property "zookeeper.ssl.client.context" to provide a class which supplies a custom SSL context. This gives a lot more flexibility to the ZK client, and allows the user to construct the SSLContext in whatever way they please (which also future-proofs the implementation somewhat).

I added a few simple tests to this class around setting the SSLContext, and setting an invalid one. I'm not testing the actual functionality of the SSLContext, etc.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/Mastercard/zookeeper ZOOKEEPER-3160

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/zookeeper/pull/728.patch

To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message:

This closes #728

----
commit 7ae74851b8e14bcae80d4eaa1141e076e3953fa6
Author: Alex Rankin
Date: 2018-12-03T10:27:35Z

Merge pull request #4 from apache/master

Master Merge

commit 400839a60ff3bd5a4af60710fbd07ce4ae5601a0
Author: Alex Rankin
Date: 2018-12-03T11:12:19Z

Adding ability to specify custom SSLContext for client

----
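
An added illustration of scenario 1 from the description above, not code from the pull request: a class that builds an SSLContext from a PKCS#11 token and is named in the proposed "zookeeper.ssl.client.context" property. The class name, the Supplier<SSLContext> contract, the ZK_TOKEN_PIN variable and an already-configured SunPKCS11 provider are assumptions; the message does not say which interface the class must implement.

```java
import java.security.KeyStore;
import java.util.function.Supplier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical supplier class: the name and the Supplier<SSLContext> contract
// are assumptions, the PR description does not specify the interface.
public class Pkcs11ContextSupplier implements Supplier<SSLContext> {

    @Override
    public SSLContext get() {
        try {
            // Private key never leaves the token. Assumes a SunPKCS11 provider
            // is already registered in the JRE's java.security configuration.
            KeyStore token = KeyStore.getInstance("PKCS11");
            token.load(null, readPin());

            KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(token, null); // key access is governed by the token login

            // A custom context owns the trust decision too. init(null) uses
            // javax.net.ssl.trustStore if set, otherwise the JRE's cacerts.
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null);

            SSLContext ctx = SSLContext.getInstance("TLSv1.2");
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            return ctx;
        } catch (Exception e) {
            // Fail closed: no context means no connection, never a default one.
            throw new IllegalStateException("cannot build SSLContext from PKCS#11 token", e);
        }
    }

    private static char[] readPin() {
        String pin = System.getenv("ZK_TOKEN_PIN"); // hypothetical variable name
        if (pin == null) {
            throw new IllegalStateException("ZK_TOKEN_PIN is not set");
        }
        return pin.toCharArray();
    }

    public static void main(String[] args) {
        // Property name as given in the PR description; set before creating the client.
        System.setProperty("zookeeper.ssl.client.context", Pkcs11ContextSupplier.class.getName());
        System.out.println("registered " + System.getProperty("zookeeper.ssl.client.context"));
    }
}
```

Because the supplied context carries its own trust managers, certificate validation for the client connection is whatever this class configures, so it is worth reviewing the trust store it loads as carefully as the key source.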