[jira] [Commented] (ARROW-10105) [FlightRPC] Add client option to disable certificate validation with TLS

Tue, 06 Oct 2020 17:14:12 -0700 


    [ 
https://issues.apache.org/jira/browse/ARROW-10105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17209233#comment-17209233
 ] 

James Duong commented on ARROW-10105:
-------------------------------------

Thanks [~lidavidm]. I wasn't able to open the second link, but I'm assuming 
you're pointing to the grpc-cpp reference there that is using 1.21.:
https://github.com/ursa-labs/ursabot/blob/e958c5f95b31e98108df54cf13596c4fde944c3a/projects/arrow/docker/conda-cpp.txt#L19
 ?

I don't know what the relationship of this repo is to the Arrow repo or 
how/when this gets updated. Be good if we could get some insight into this 
[~uwe] and [~kszucs].

I believe I've gotten past the RE2 linker error now on CentOS 5.11, but not 
sure if there are more CentOS 5 issues cropping up after. I have not 
implemented the change to use the dummy certificate. Related to this, I'm 
planning to just copy the root PEM file that ships with grpc that they put in 
/usr/share/grpc. Where would a good place be to put this in the source tree? 
And the install location would be /usr/share/arrow.

> [FlightRPC] Add client option to disable certificate validation with TLS
> ------------------------------------------------------------------------
>
>                 Key: ARROW-10105
>                 URL: https://issues.apache.org/jira/browse/ARROW-10105
>             Project: Apache Arrow
>          Issue Type: New Feature
>          Components: C++, FlightRPC, Java, Python
>            Reporter: James Duong
>            Assignee: James Duong
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.0.0
>
>          Time Spent: 1h 50m
>  Remaining Estimate: 0h
>
> Users of Flight may want to disable certificate validation if they want to 
> only use encryption. A use case might be that the Flight server uses a 
> self-signed certificate and doesn't distribute a certificate for clients to 
> use.
> This feature would be to add an explicit option to FlightClient.Builder to 
> disable certificate validation. Note that this should not happen implicitly 
> if a client uses a TLS location, but does not set a certificate. The client 
> should explicitly set this option so that they are fully aware that they are 
> making a connection with reduced security.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to