GitHub user ivmaykov opened a pull request:

    https://github.com/apache/zookeeper/pull/681

    ZOOKEEPER-3176: Quorum TLS - add SSL config options

    Add SSL config options for enabled protocols and client auth mode.

    Improve handling of SSL config options for protocols and cipher suites -
    previously these came from system properties, now they can come from ZKConfig
    which means they are easier to isolate in tests, and now we don't need to parse
    system properties every time we create a secure socket.

    Note that this is stacked on top of #678, #679, and #680 and thus includes
    them. Please only consider the ZOOKEEPER-3176 commit when reviewing. Once the
    other PRs are merged upstream, I will rebase this so it only contains one
    commit.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ivmaykov/zookeeper ZOOKEEPER-3176

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zookeeper/pull/681.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #681
----
commit b8b687ae4dea912ef18ee2ee1ace406800f3fce7
Author: Ilya Maykov <ilyam@...>
Date: 2018-10-25T00:41:48Z

    ZOOKEEPER-3173: Quorum TLS - support PEM trust/key stores
    ZOOKEEPER-3175: Quorum TLS - test improvements

    Add support for loading key and trust stores from PEM files.
    Also added test utils for testing X509-related code, because it
    was very difficult to untangle them from the PEM support code.

commit f9fb9c69f15f4d23acc714de75efe4592c6578b9
Author: Ilya Maykov <ilyam@...>
Date: 2018-10-25T01:22:24Z

    ZOOKEEPER-3172: Quorum TLS - fix port unification to allow rolling upgrades

commit 65edf69084bebfc50613daafefe7ebb3afbb6e36
Author: Ilya Maykov <ilyam@...>
Date: 2018-10-25T01:54:06Z

    ZOOKEEPER-3174: Quorum TLS - support reloading trust/key store

commit 38b636e3c933967e1613b4d19425bfb681f9d7b3
Author: Ilya Maykov <ilyam@...>
Date: 2018-10-25T02:12:04Z

    ZOOKEEPER-3176: Quorum TLS - add SSL config options
----