[
https://issues.apache.org/jira/browse/FLINK-32035?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexander Fedulov updated FLINK-32035:
--------------------------------------
Affects Version/s: 1.17.0
> SQL Client should support HTTPS with built-in JDK certificates
> --------------------------------------------------------------
>
> Key: FLINK-32035
> URL: https://issues.apache.org/jira/browse/FLINK-32035
> Project: Flink
> Issue Type: Improvement
> Components: Table SQL / Client, Table SQL / Gateway
> Affects Versions: 1.17.0
> Reporter: Alexander Fedulov
> Assignee: Alexander Fedulov
> Priority: Major
>
> Another related issue is that internally SQL Client uses Flink’s
> _RestClient_ [1]. This client decides whether to enable SSL not on the basis
> of the URL schema (https://...), but based on Flink configuration, namely a
> global _security.ssl.rest.enabled_ parameter [2] (which is also used for the
> REST server-side configuration ). When this parameter is set to true, it
> automatically requires user-supplied _security.ssl.rest.truststore_ and
> _security.ssl.rest.keystore_ to be configured - there is no default option to
> use certificates from JDK. I was wondering if there is any real benefit in
> handling the low-level Netty channels and certificates manually for the use
> case of connecting between SQL Cli Client and SQL Gateway REST API. There
> is already a dependency on _OkHttpClient_ in {_}flink-metrics{_}. I would
> like to hear what you think about switching to _OkHttp_ and adding the
> ability to optionally load custom certificates there rather than patching
> {_}RestClient{_}.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
