bbeaudreault opened a new pull request, #4724: URL: https://github.com/apache/hbase/pull/4724
As with the rest of the netty tls stuff, this is largely pulled and adapted from ZK. This adds support for setting netty's ClientAuth mode (none, need, want) which will handle the cert verification from trust store. We additionally extend the trust manager to enable verification of hostnames. I still need to add end-to-end tests of the functionality, but wanted to get this up. Note: There is follow-up work to be done in another issue which we can use the X509Certificate DN (distinguished name) to validate the ConnectionHeader's username and groups. This first pass simply plugs in the barebones mTLS support. cc @anmolnar -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
