aratno opened a new pull request, #1907: URL: https://github.com/apache/cassandra-java-driver/pull/1907
Jira: https://issues.apache.org/jira/browse/CASSANDRA-19180 This PR includes keystore reloading for `DefautlSslEngineFactory`, implemented by checking the contents of the keystore file at a periodic interval. This is intended to be useful in environments where mTLS is enabled, application instances restart infrequently, and certificates are short-lived. The existing default behavior (no reloading at all) would cause application re-connections to fail after the client certificate in the original keystore has expired, requiring an application restart to establish a new session to pick up the updated contents of the keystore file. This PR does not include a mechanism for updating the contents of a keystore file in different environments. In some environments where client certificates are automatically renewed, an application may have to load those certificates into their keystore with a tool like fsnotify or a cronjob to keep identity certificates and the client-referenced keystore file in sync. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
