[
https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991258#comment-15991258
]
ASF GitHub Bot commented on ZOOKEEPER-236:
------------------------------------------
Github user afine commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/184#discussion_r114172228
--- Diff: src/java/main/org/apache/zookeeper/common/ZKConfig.java ---
@@ -107,14 +99,33 @@ private void init() {
* this configuration.
*/
protected void handleBackwardCompatibility() {
- properties.put(SSL_KEYSTORE_LOCATION,
System.getProperty(SSL_KEYSTORE_LOCATION));
- properties.put(SSL_KEYSTORE_PASSWD,
System.getProperty(SSL_KEYSTORE_PASSWD));
- properties.put(SSL_TRUSTSTORE_LOCATION,
System.getProperty(SSL_TRUSTSTORE_LOCATION));
- properties.put(SSL_TRUSTSTORE_PASSWD,
System.getProperty(SSL_TRUSTSTORE_PASSWD));
- properties.put(SSL_AUTHPROVIDER,
System.getProperty(SSL_AUTHPROVIDER));
properties.put(JUTE_MAXBUFFER, System.getProperty(JUTE_MAXBUFFER));
properties.put(KINIT_COMMAND, System.getProperty(KINIT_COMMAND));
properties.put(JGSS_NATIVE, System.getProperty(JGSS_NATIVE));
+
+ ClientX509Util clientX509Util = new ClientX509Util();
+ putSSLProperties(clientX509Util);
+ properties.put(clientX509Util.getSslAuthProviderProperty(),
+
System.getProperty(clientX509Util.getSslAuthProviderProperty()));
+
+ putSSLProperties(new QuorumX509Util());
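Review bot: At the end of handleBackwardCompatibility() the auth provider property is copied only for the client (`properties.put(clientX509Util.getSslAuthProviderProperty(), ...)`), while the quorum side gets just `putSSLProperties(new QuorumX509Util())`, and nothing in the hunk says whether that asymmetry is intended. A one-line comment stating why the quorum configuration needs no auth provider entry, or moving that put into putSSLProperties if both sides should carry it, would settle the question for the next reader. Because this method lives in the common ZKConfig, the javadoc above it should also say that it now picks up the quorum SSL system properties in addition to the client ones.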
--- End diff --
Good point. I wanted to handle the configuration for client<->server and
server<->server ssl as similarly as possible. We share a good amount of code
between the two and configuration is often read by the same code, so I thought
it would be easier to just keep them together.
See
https://github.com/apache/zookeeper/pull/184/files#diff-17cf39d4a9007c59b76832475b08b667R145
for an example. If you feel strongly about this we can work on changing it.
> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>
> Key: ZOOKEEPER-236
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
> Project: ZooKeeper
> Issue Type: New Feature
> Components: quorum, security, server
> Reporter: Benjamin Reed
> Assignee: Abraham Fine
> Labels: ssl
>
> We should have the ability to use SSL to authenticate and encrypt the traffic
> between ZooKeeper servers. For the most part this is a very easy change. We
> would probably only want to support this for TCP based leader elections.