Good point about the two callers of SslFactory. We can move the SslEngine validation to a separate class and call it in both places. That SslEngine validation class would not be part of the public API and therefore we don't need to fuss about its API. -----Original Message----- From: Maulin Vasavada [mailto:maulin.vasav...@gmail.com] Sent: Tuesday, September 17, 2019 2:28 AM To: dev@kafka.apache.org Subject: Re: [DISCUSS] KIP-519: Make SSL context/engine configuration extensible
Hi Clement/Rajini When I read your responses - I swing between both of your suggestions :) I see both of your points. Let me ponder little bit more and give me take in a day or so. I tend to agree with Clement in a sense that we need to define clear responsibilities of classes. Right now I feel it's not clear. Also, I tend to agree to both of you about keystore/truststore validation - the conflict I've to propose a clean agreeable solution to. One clarification to Clement is - there are two classes using SslFactory today - SslChannelBuilder and SaslChannelBuilder so we have to keep that in mind. However, once we have clear responsibilities of classes, that should automatically clear what goes where. Thanks Maulin