spuru9 commented on code in PR #28553:
URL: https://github.com/apache/flink/pull/28553#discussion_r3482642233


##########
flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java:
##########
@@ -524,4 +574,70 @@ private void configureServerSocket(SSLServerSocket socket) 
{
             socket.setNeedClientAuth(true);
         }
     }
+
+    /**
+     * A {@link javax.net.SocketFactory} that applies operator-configured TLS 
protocols and cipher
+     * suites to every client socket it creates. This mirrors {@link
+     * ConfiguringSSLServerSocketFactory} for the client (BlobClient) side.
+     */
+    private static class ConfiguringSSLClientSocketFactory extends 
javax.net.SocketFactory {
+
+        private final javax.net.ssl.SSLSocketFactory sslSocketFactory;
+        private final String[] protocols;
+        private final String[] cipherSuites;
+
+        ConfiguringSSLClientSocketFactory(
+                javax.net.ssl.SSLSocketFactory sslSocketFactory,

Review Comment:
   nit: drop the fully-qualified names (javax.net.ssl.SSLSocket, 
java.net.Socket, etc.) in favor of import



##########
flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java:
##########
@@ -67,6 +69,8 @@
 /** Common utilities to manage SSL transport settings. */
 public class SSLUtils {
 
+    private static final org.slf4j.Logger LOG = 
LoggerFactory.getLogger(SSLUtils.class);

Review Comment:
   ```suggestion
       private static final Logger LOG = 
LoggerFactory.getLogger(SSLUtils.class);
   ```
   Keep import alongside others.



##########
flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java:
##########
@@ -81,13 +85,27 @@ public static ServerSocketFactory 
createSSLServerSocketFactory(Configuration con
         String[] protocols = getEnabledProtocols(config);
         String[] cipherSuites = getEnabledCipherSuites(config);
 
+        if (LOG.isDebugEnabled()) {

Review Comment:
   These four near-identical blocks are a lot of noise for diagnostic logging.  
Consider a tiny private helper like logSslDiag(String scope, String[] 
protocols, Iterable<String> ciphers). 
   Also the [SSL-DIAG] bracket-prefix style isn't used elsewhere in Flink loggin
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to