alexio215 opened a new issue, #6908: URL: https://github.com/apache/kyuubi/issues/6908
### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct) ### Search before asking - [x] I have searched in the [issues](https://github.com/apache/kyuubi/issues?q=is%3Aissue) and found no similar issues. ### What would you like to be improved? Looking to add mTLS capability for capable proxies. ### How should we improve? Hello, I am looking to connect to an NGINX reverse proxy that serves the Thrift traffic into a HiveServer2. To connect securely, I am required to connect using mTLS, but in the Connection object that is being created, I only see the SSL cert being passed for a regular TLS handshake. I am looking to expand this capability to also send a client cert and key to be validated by the server. I wanted to ask what is the preferred method of adding this. Adding parameters to the object constructor? I would add "client_cert", "client_key", and "ca_cert" with the boolean option of "mtls_proxy". This would have matching conditions to check if the mtls_proxy variable is to be used, and then add the correct certs to the ssl_context for mTLS. Or, I could add in a parameter called "ssl_context", default it to none, and any time that an ssl_context is provided by the user the connect object will instead use the custom provided ssl_context, allowing the user to provide and specify the use of mTLS. Please let me know which is preferred, and if this is a valid solution, thank you. ### Are you willing to submit PR? - [x] Yes. I would be willing to submit a PR with guidance from the Kyuubi community to improve. - [ ] No. I cannot submit a PR at this time. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
