> On March 16, 2015, 9:24 p.m., Michael Herstine wrote: > > core/src/main/scala/kafka/network/SocketServer.scala, line 318 > > <https://reviews.apache.org/r/31958/diff/1/?file=891657#file891657line318> > > > > `{want,needs}ClientAuth` can be tricky-- check the javadoc for > > `SSLEngine.setWantClientAuth`... there are actually only three states: > > required, requested, not desired, and the last call to > > `{want,needs}ClientAuth` "wins". > > > > So, if "needs" is True and "wants" is false, invoking the methods in > > this order will actually overwrite the "needs" setting. Recommend something > > like: > > > > if (sslConnectionConfig.needClientAuth) { > > sslEngine.setNeedClientAuth(true); > > } else { > > sslEngine.setNeedClientAuth(false); > > sslEngine.setWantClientAuth(sslConnectionConfig.wantClientAuth); > > }
Thanks for pointing it out I'll fix that. - Sriharsha ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31958/#review76640 ----------------------------------------------------------- On March 11, 2015, 9:36 p.m., Sriharsha Chintalapani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/31958/ > ----------------------------------------------------------- > > (Updated March 11, 2015, 9:36 p.m.) > > > Review request for kafka. > > > Bugs: KAFKA-1684 > https://issues.apache.org/jira/browse/KAFKA-1684 > > > Repository: kafka > > > Description > ------- > > KAFKA-1684. Implement TLS/SSL authentication. > > > Diffs > ----- > > core/src/main/scala/kafka/network/Channel.scala PRE-CREATION > core/src/main/scala/kafka/network/SocketServer.scala > 76ce41aed6e04ac5ba88395c4d5008aca17f9a73 > core/src/main/scala/kafka/network/ssl/SSLChannel.scala PRE-CREATION > core/src/main/scala/kafka/network/ssl/SSLConnectionConfig.scala > PRE-CREATION > core/src/main/scala/kafka/server/KafkaConfig.scala > 48e33626695ad8a28b0018362ac225f11df94973 > core/src/main/scala/kafka/server/KafkaServer.scala > dddef938fabae157ed8644536eb1a2f329fb42b7 > core/src/main/scala/kafka/utils/SSLAuthUtils.scala PRE-CREATION > core/src/test/scala/unit/kafka/network/SocketServerTest.scala > 0af23abf146d99e3d6cf31e5d6b95a9e63318ddb > core/src/test/scala/unit/kafka/server/KafkaConfigConfigDefTest.scala > c124c8df5b5079e5ffbd0c4ea359562a66aaf317 > core/src/test/scala/unit/kafka/utils/TestSSLUtils.scala PRE-CREATION > > Diff: https://reviews.apache.org/r/31958/diff/ > > > Testing > ------- > > > Thanks, > > Sriharsha Chintalapani > >
