I can help review this

On Apr 20, 2017 2:22 PM, "Abraham Fine" <af...@apache.org> wrote:
> Hello-
>
> I have been continuing work on ZOOKEEPER-236 and it would be great to
> get feedback from the community on the patch. The pull request can be
> found here: https://github.com/apache/zookeeper/pull/184
>
> ZOOKEEPER-236 provides the ability to use SSL/TLS to secure
> communication within the ZooKeeper quorum.
>
> Documentation will be handled in another pull request but the usage is
> very similar to our existing Client <-> Quorum functionality, here is an
> overview of the basic configuration.
>
> System properties are set on each member of the quorum, for example:
> -Dzookeeper.ssl.quorum.keyStore.location=keystore.jks
> -Dzookeeper.ssl.quorum.keyStore.password=password
> -Dzookeeper.ssl.quorum.trustStore.location=truststore.jks
>
> A flag is set in the cfg files:
> sslQuorum=true
>
> The best way to see all the functionality provided by this patch is to
> take a look at the integration tests:
> https://github.com/afine/zookeeper/blob/3c6c81b69b7105fa7c5235a0f27718a7eae195de/src/java/test/org/apache/zookeeper/test/QuorumSSLTest.java.
> The integration tests contain examples showing how hostname
> verification, rolling upgrades, cipher configuration, protocol
> configuration, and certificate revocation are handled.
>
> There is a current outstanding question regarding hostname verification,
> please provide input here:
> https://github.com/apache/zookeeper/pull/184#discussion_r111485824
>
> Looking forward to hearing everyone's thoughts.
>
> Thanks,
> Abraham Fine