bbeaudreault opened a new pull request, #4724:
URL: https://github.com/apache/hbase/pull/4724

   As with the rest of the netty tls stuff, this is largely pulled and adapted 
from ZK. This adds support for setting netty's ClientAuth mode (none, need, 
want) which will handle the cert verification from trust store.  We 
additionally extend the trust manager to enable verification of hostnames. 
   
   I still need to add end-to-end tests of the functionality, but wanted to get 
this up.
   
   Note: There is follow-up work to be done in another issue which we can use 
the X509Certificate DN (distinguished name) to validate the ConnectionHeader's 
username and groups. This first pass simply plugs in the barebones mTLS support.
   
   cc @anmolnar 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to