zookeeper-dev mailing list archives

From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-3160) Custom User SSLContext
Date Fri, 25 Jan 2019 17:06:00 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-3160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16752449#comment-16752449 ]

Hudson commented on ZOOKEEPER-3160:

SUCCESS: Integrated in Jenkins build Zookeeper-trunk-single-thread #205 (See [https://builds.apache.org/job/Zookeeper-trunk-single-thread/205/])
ZOOKEEPER-3160: Custom User SSLContext (andor: rev 045833b795a7041607337b192fa3dbcf2cc3f291)
* (edit) zookeeper-server/src/test/java/org/apache/zookeeper/common/X509UtilTest.java
* (edit) zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java
* (edit) zookeeper-server/src/main/java/org/apache/zookeeper/common/ZKConfig.java

> Custom User SSLContext
> ----------------------
>                 Key: ZOOKEEPER-3160
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3160
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: java client
>    Affects Versions: 3.5.4
>            Reporter: Alex Rankin
>            Priority: Minor
>              Labels: features, pull-request-available, ready-to-commit
>             Fix For: 3.6.0
>          Time Spent: 13.5h
>  Remaining Estimate: 0h
> The Zookeeper libraries currently allow you to set up your SSL Context via system properties such as "zookeeper.ssl.keyStore.location" in the X509Util. This covers most simple use cases, where users have software keystores on their hard drive.
> There are, however, a few additional scenarios that this doesn't cover. Two possible ones would be:
>  # The user has a hardware keystore, loaded in using PKCS11 or something similar.
>  # The user has no access to the software keystore, but can retrieve an already-constructed SSLContext from their container.
> For this, I would propose that the X509Util be extended to allow a user to set a property such as "zookeeper.ssl.client.context" to provide a class which supplies a custom SSL context. This gives a lot more flexibility to the ZK client, and allows the user to construct the SSLContext in whatever way they please (which also future-proofs the implementation somewhat).
> I've already completed this feature, and will put in a PR soon for it.

This message was sent by Atlassian JIRA
