[ https://issues.apache.org/jira/browse/ZOOKEEPER-3160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andor Molnar reassigned ZOOKEEPER-3160:
---------------------------------------
Assignee: Alex Rankin (was: Andor Molnar)
> Custom User SSLContext
> ----------------------
>
> Key: ZOOKEEPER-3160
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3160
> Project: ZooKeeper
> Issue Type: New Feature
> Components: java client
> Affects Versions: 3.5.4
> Reporter: Alex Rankin
> Assignee: Alex Rankin
> Priority: Minor
> Labels: features, pull-request-available, ready-to-commit
> Fix For: 3.6.0
>
> Time Spent: 13.5h
> Remaining Estimate: 0h
>
> The ZooKeeper libraries currently allow you to set up your SSL Context via
> system properties such as "zookeeper.ssl.keyStore.location" in the X509Util.
> This covers most simple use cases, where users have software keystores on
> their hard drive.
> There are, however, a few additional scenarios that this doesn't cover. Two
> possible ones would be:
> 1. The user has a hardware keystore, loaded in using PKCS11 or something
> similar.
> 2. The user has no access to the software keystore, but can retrieve an
> already-constructed SSLContext from their container.
> For this, I would propose that the X509Util be extended to allow a user to
> set a property such as "zookeeper.ssl.client.context" to provide a class
> which supplies a custom SSL context. This gives a lot more flexibility to the
> ZK client, and allows the user to construct the SSLContext in whatever way
> they please (which also future-proofs the implementation somewhat).
> I've already completed this feature, and will put in a PR soon for it.
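An added example, not taken from the issue, its pull request or the ZooKeeper code base: a class of the kind the first scenario calls for, building an SSLContext from a PKCS#11 hardware keystore using only JDK APIs. It assumes the class would be handed to the client as a `java.util.function.Supplier<SSLContext>` through a property like the proposed "zookeeper.ssl.client.context"; the class name, the choice of interface and the `ZK_TOKEN_PIN` environment variable are hypothetical.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.function.Supplier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical supplier class; how ZooKeeper loads it is an assumption,
// e.g. -Dzookeeper.ssl.client.context=Pkcs11SslContextSupplier
public class Pkcs11SslContextSupplier implements Supplier<SSLContext> {

    @Override
    public SSLContext get() {
        // Assumption: the token PIN arrives via an environment variable.
        String pinValue = System.getenv("ZK_TOKEN_PIN");
        if (pinValue == null || pinValue.isEmpty()) {
            // Fail closed: never fall back to an unauthenticated context.
            throw new IllegalStateException("ZK_TOKEN_PIN is not set");
        }
        char[] pin = pinValue.toCharArray();
        try {
            // Assumes a PKCS#11 provider (for example SunPKCS11) is already
            // registered in java.security. The private key stays on the token;
            // the KeyStore only exposes handles to it.
            KeyStore tokenStore = KeyStore.getInstance("PKCS11");
            tokenStore.load(null, pin); // no input stream: log in to the token

            KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(tokenStore, pin);

            // Assumption: server certificates chain to the JDK default trust
            // store. A private CA would need its own KeyStore passed here.
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null);

            SSLContext context = SSLContext.getInstance("TLSv1.2");
            context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            return context;
        } catch (GeneralSecurityException | IOException e) {
            throw new IllegalStateException("Cannot build SSLContext from PKCS#11 token", e);
        } finally {
            Arrays.fill(pin, '\0'); // do not keep the PIN in memory longer than needed
        }
    }
}
```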