[jira] [Updated] (KAFKA-4413) Kakfa should support default SSLContext

Tue, 15 Nov 2016 14:44:21 -0800 

     [ 
https://issues.apache.org/jira/browse/KAFKA-4413?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Wenjie Zhang updated KAFKA-4413:
--------------------------------
    Description: Currently, to enable SSL in either consumer or producer, we 
have to provide trustStore file and password. Ideally, if the Kafka server 
configured with CA signed certificate, since JRE includes certain CA ROOT certs 
inside "cacerts", Kafka should support SSL without any trustStore file, 
basically, we should update 
`org.apache.kafka.common.security.ssl.SslFactory.createSSLContext` to use 
`SSLContext.getDefault()` when trustStore file is not needed, not sure if there 
is any other places needs to be updated for this enhancement   (was: Currently, 
to enable SSL in either consumer or producer, we have to provide trustStore 
file and password. Ideally, if the Kafka server configured with CA signed 
certificate, since JRE includes certain CA ROOT certs inside "cacerts", Kafka 
should support using `SSLContext.getDefault()` when creating `SSLContext`, the 
changes need to be made at 
`org.apache.kafka.common.security.ssl.SslFactory.createSSLContext`, not sure if 
there is any other places needs to be updated for this enhancement )

> Kakfa should support default SSLContext
> ---------------------------------------
>
>                 Key: KAFKA-4413
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4413
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.10.0.1
>         Environment: All
>            Reporter: Wenjie Zhang
>              Labels: SSLContext, SslFactory, https, ssl
>
> Currently, to enable SSL in either consumer or producer, we have to provide 
> trustStore file and password. Ideally, if the Kafka server configured with CA 
> signed certificate, since JRE includes certain CA ROOT certs inside 
> "cacerts", Kafka should support SSL without any trustStore file, basically, 
> we should update 
> `org.apache.kafka.common.security.ssl.SslFactory.createSSLContext` to use 
> `SSLContext.getDefault()` when trustStore file is not needed, not sure if 
> there is any other places needs to be updated for this enhancement 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to