[jira] [Commented] (ZOOKEEPER-3160) Custom User SSLContext

Fri, 25 Jan 2019 09:14:48 -0800 


    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-3160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16752449#comment-16752449
 ] 

Hudson commented on ZOOKEEPER-3160:
-----------------------------------

SUCCESS: Integrated in Jenkins build Zookeeper-trunk-single-thread #205 (See 
[https://builds.apache.org/job/Zookeeper-trunk-single-thread/205/])
ZOOKEEPER-3160: Custom User SSLContext (andor: rev 
045833b795a7041607337b192fa3dbcf2cc3f291)
* (edit) 
zookeeper-server/src/test/java/org/apache/zookeeper/common/X509UtilTest.java
* (edit) 
zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java
* (edit) 
zookeeper-server/src/main/java/org/apache/zookeeper/common/ZKConfig.java


> Custom User SSLContext
> ----------------------
>
>                 Key: ZOOKEEPER-3160
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3160
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: java client
>    Affects Versions: 3.5.4
>            Reporter: Alex Rankin
>            Priority: Minor
>              Labels: features, pull-request-available, ready-to-commit
>             Fix For: 3.6.0
>
>          Time Spent: 13.5h
>  Remaining Estimate: 0h
>
> The Zookeeper libraries currently allow you to set up your SSL Context via 
> system properties such as "zookeeper.ssl.keyStore.location" in the X509Util. 
> This covers most simple use cases, where users have software keystores on 
> their harddrive.
> There are, however, a few additional scenarios that this doesn't cover. Two 
> possible ones would be:
>  # The user has a hardware keystore, loaded in using PKCS11 or something 
> similar.
>  # The user has no access to the software keystore, but can retrieve an 
> already-constructed SSLContext from their container.
> For this, I would propose that the X509Util be extended to allow a user to 
> set a property such as "zookeeper.ssl.client.context" to provide a class 
> which supplies a custom SSL context. This gives a lot more flexibility to the 
> ZK client, and allows the user to construct the SSLContext in whatever way 
> they please (which also future proofs the implementation somewhat).
> I've already completed this feature, and will put in a PR soon for it.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to