[ https://issues.apache.org/jira/browse/CASSANDRA-16666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17418843#comment-17418843 ]
Jon Meredith commented on CASSANDRA-16666:
------------------------------------------

Apologies for the lack of updates. I went through and did a last round of review and have a few minor cosmetic fixes to comments/imports and moving the last openssl test.

https://github.com/jonmeredith/cassandra/commit/7a6e486f159403c57201469d75904fc53f179c56

I did kick off CI, and am in the process of checking for legitimate failures vs test flakes

||Branch||Source||Circle CI||Jenkins||
|trunk|[branch|https://github.com/jonmeredith/cassandra/tree/commit_remote_branch/CASSANDRA-16666-trunk-A688E5F7-4E55-455F-AFA0-07D2D796855C]|[build|https://app.circleci.com/pipelines/github/jonmeredith/cassandra?branch=commit_remote_branch%2FCASSANDRA-16666-trunk-A688E5F7-4E55-455F-AFA0-07D2D796855C]|[build|https://ci-cassandra.apache.org/job/Cassandra-devbranch/1122/]|

We also need a second committer to review, I'll try and recruit somebody.

> Make SSLContext creation pluggable/extensible
> ---------------------------------------------
>
>                 Key: CASSANDRA-16666
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16666
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Messaging/Internode
>            Reporter: Maulin Vasavada
>            Assignee: Maulin Vasavada
>            Priority: Normal
>             Fix For: 4.x
>
>
> Currently Cassandra creates the SSLContext via SSLFactory.java. SSLFactory is a final class with static methods and not overridable. The SSLFactory loads the keys and certs from the file based artifacts for the same. While this works for many, in the industry where security is stricter and contextual, this approach falls short. Many big organizations need flexibility to load the SSL artifacts from a custom resource (like custom Key Management Solution, HashiCorp Vault, Amazon KMS etc). While JSSE SecurityProvider architecture allows us flexibility to build our custom mechanisms to validate and process security artifacts, many times all we need is to build upon Java's existing extensibility that Trust/Key Manager interfaces provide to load keystores from various resources in the absence of any customized requirements on the Keys/Certificate formats.
> My proposal here is to make the SSLContext creation pluggable/extensible and have the current SSLFactory.java implement an extensible interface.
> I contributed a similar change that is live now in Apache Kafka (2.6.0) - https://issues.apache.org/jira/browse/KAFKA-8890
> I can spare some time writing the pluggable interface and run by the required reviewers.
>
> Created [CEP-9: Make SSLContext creation pluggable|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-9%3A+Make+SSLContext+creation+pluggable]
>
>
> cc: [~dcapwell] [~djoshi]
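
The idea in the issue description above, sketched as an added example that is not Cassandra's code or the CEP-9 interface: an SSLContext built behind a small interface from keystore bytes supplied by any source, using only the standard JSSE Key/Trust manager factories. `SslContextProvider` and `InMemoryKeystoreProvider` are hypothetical names, the suppliers stand in for a vault or KMS client, and the empty PKCS12 keystore in `main` is constructed sample input.

```java
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.function.Supplier;

public class PluggableSslContextExample {
    // Hypothetical extension point (assumption): callers depend on this, not on a file-based factory.
    interface SslContextProvider { SSLContext createContext() throws Exception; }

    // Builds the context from PKCS12 bytes fetched at call time; no keystore file touches disk.
    static final class InMemoryKeystoreProvider implements SslContextProvider {
        private final Supplier<byte[]> keystoreBytes; // e.g. a secrets-manager fetch (assumption)
        private final Supplier<char[]> password;      // must return a fresh copy on each call
        InMemoryKeystoreProvider(Supplier<byte[]> keystoreBytes, Supplier<char[]> password) {
            this.keystoreBytes = keystoreBytes;
            this.password = password;
        }
        @Override public SSLContext createContext() throws Exception {
            char[] pw = password.get();
            try {
                KeyStore ks = KeyStore.getInstance("PKCS12");
                ks.load(new ByteArrayInputStream(keystoreBytes.get()), pw);
                KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                kmf.init(ks, pw);
                // Simplification: one store serves as key store and trust store; deployments usually split them.
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init(ks);
                SSLContext ctx = SSLContext.getInstance("TLS");
                ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
                return ctx;
            } finally {
                Arrays.fill(pw, '\0'); // wipe our copy of the password once the managers are built
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty PKCS12 keystore serialized in memory.
        char[] pw = "changeit".toCharArray();
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, pw);
        SslContextProvider provider = new InMemoryKeystoreProvider(out::toByteArray, () -> pw.clone());
        System.out.println(provider.createContext().getProtocol());
    }
}
```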