[ https://issues.apache.org/jira/browse/CASSANDRA-16666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17422890#comment-17422890 ]
Maulin Vasavada commented on CASSANDRA-16666: --------------------------------------------- Thanks [~stefan.miklosovic]. Looking forward to the Friday morning! Can we put a link to the new PR#1243 in my original PR and close it (without merge) with an appropriate comment? Btw, I am very impressed by the Apache Cassandra committer community's seriousness/dedication/attention-to-details toward the contributions (Jon/Stefan and other folks taking pain to cleanup PR branches, running/monitoring CIs for PRs etc on top of the essential thorough-reviews/suggestions on the PRs). Just mind blowing! > Make SSLContext creation pluggable/extensible > --------------------------------------------- > > Key: CASSANDRA-16666 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16666 > Project: Cassandra > Issue Type: Improvement > Components: Messaging/Internode > Reporter: Maulin Vasavada > Assignee: Maulin Vasavada > Priority: Normal > Fix For: 4.x > > Attachments: Screenshot from 2021-09-28 10-56-24.png > > > Currently Cassandra creates the SSLContext via SSLFactory.java. SSLFactory is > a final class with static methods and not overridable. The SSLFactory loads > the keys and certs from the file based artifacts for the same. While this > works for many, in the industry where security is stricter and contextual, > this approach falls short. Many big organizations need flexibility to load > the SSL artifacts from a custom resource (like custom Key Management > Solution, HashiCorp Vault, Amazon KMS etc). While JSSE SecurityProvider > architecture allows us flexibility to build our custom mechanisms to validate > and process security artifacts, many times all we need is to build upon > Java's existing extensibility that Trust/Key Manager interfaces provide to > load keystores from various resources in the absence of any customized > requirements on the Keys/Certificate formats. > My proposal here is to make the SSLContext creation pluggable/extensible and > have the current SSLFactory.java implement an extensible interface. > I contributed a similar change that is live now in Apache Kafka (2.6.0) - > https://issues.apache.org/jira/browse/KAFKA-8890 > I can spare some time writing the pluggable interface and run by the required > reviewers. > > Created [CEP-9: Make SSLContext creation > pluggable|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-9%3A+Make+SSLContext+creation+pluggable] > > > cc: [~dcapwell] [~djoshi] -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org