[ https://issues.apache.org/jira/browse/ZOOKEEPER-3160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andor Molnar reassigned ZOOKEEPER-3160:
---------------------------------------

    Assignee: Alex Rankin  (was: Andor Molnar)

> Custom User SSLContext
> ----------------------
>
>                 Key: ZOOKEEPER-3160
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3160
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: java client
>    Affects Versions: 3.5.4
>            Reporter: Alex Rankin
>            Assignee: Alex Rankin
>            Priority: Minor
>              Labels: features, pull-request-available, ready-to-commit
>             Fix For: 3.6.0
>
>          Time Spent: 13.5h
>  Remaining Estimate: 0h
>
> The ZooKeeper libraries currently allow you to set up your SSL Context via
> system properties such as "zookeeper.ssl.keyStore.location" in the X509Util.
> This covers most simple use cases, where users have software keystores on
> their hard drive.
> There are, however, a few additional scenarios that this doesn't cover. Two
> possible ones would be:
> # The user has a hardware keystore, loaded in using PKCS11 or something
> similar.
> # The user has no access to the software keystore, but can retrieve an
> already-constructed SSLContext from their container.
> For this, I would propose that the X509Util be extended to allow a user to
> set a property such as "zookeeper.ssl.client.context" to provide a class
> which supplies a custom SSL context. This gives a lot more flexibility to the
> ZK client, and allows the user to construct the SSLContext in whatever way
> they please (which also future-proofs the implementation somewhat).
> I've already completed this feature, and will put in a PR soon for it.
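
The first scenario in the description, a user-supplied class that builds the SSLContext from a PKCS11 hardware keystore, as an added Java example (not code from the issue, the pull request or ZooKeeper). Assumptions: the supplier contract is java.util.function.Supplier<SSLContext>, the class name and the EXAMPLE_* environment variables are hypothetical, and the property is the "zookeeper.ssl.client.context" name proposed in the issue.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.function.Supplier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class: its name and the Supplier<SSLContext> contract are assumptions.
// Assumed wiring (issue's proposed name): -Dzookeeper.ssl.client.context=Pkcs11SslContextSupplier
public class Pkcs11SslContextSupplier implements Supplier<SSLContext> {
    @Override
    public SSLContext get() {
        char[] pin = requireEnv("EXAMPLE_PKCS11_PIN").toCharArray();
        char[] trustPass = requireEnv("EXAMPLE_TRUSTSTORE_PASS").toCharArray();
        try {
            // The SunPKCS11 config file names the token's native library and slot (Java 9+ API).
            Provider p = Security.getProvider("SunPKCS11")
                    .configure(requireEnv("EXAMPLE_PKCS11_CONFIG"));
            Security.addProvider(p);
            // The private key never leaves the token; the KeyStore only holds references to it.
            KeyStore keys = KeyStore.getInstance("PKCS11", p);
            keys.load(null, pin);
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keys, pin);
            // Trust only the ensemble's CA from a dedicated truststore, not the JVM default set.
            KeyStore trust = KeyStore.getInstance(new File(requireEnv("EXAMPLE_TRUSTSTORE")), trustPass);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trust);
            SSLContext ctx = SSLContext.getInstance("TLSv1.2");
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            return ctx;
        } catch (Exception e) {
            // Fail closed: never fall back to a default or unauthenticated context.
            throw new IllegalStateException("cannot build SSLContext from PKCS11 token", e);
        } finally {
            Arrays.fill(pin, '\0');
            Arrays.fill(trustPass, '\0');
        }
    }

    private static String requireEnv(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) throw new IllegalStateException("missing " + name);
        return v;
    }
}
```

Because the named class runs inside the client and decides which peers it trusts, the property that selects it should be settable only by whoever controls the JVM's launch configuration.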