subject:"\[DISCUSS\] KIP\-978\: Allow dynamic reloading of certificates with different DN \/ SANs"

Re: [DISCUSS] KIP-978: Allow dynamic reloading of certificates with different DN / SANs

2023-10-20 Thread Jakub Scholz

Please let me know if anyone has some more comments on this. If not, I will
start the vote next week.

Thanks & Regards
Jakub

On Wed, Sep 13, 2023 at 9:59 PM Jakub Scholz  wrote:

> Hi all,
>
> I would like to start the discussion about the KIP-978: Allow dynamic
> reloading of certificates with different DN / SANs
> .
> It proposes adding an option to disable the current validation of the DN
> and SANs when dynamically changing the keystore. Please have a look and let
> me know your thoughts ...
>
> Thanks & Regards
> Jakub
>

Re: [DISCUSS] KIP-978: Allow dynamic reloading of certificates with different DN / SANs

2023-10-17 Thread Jakub Scholz

Hi Viktor,

Thanks for reviewing the KIP and for your comment. I agree that it makes
sense to split them. I do not have any use-case where I would use only one
or the other right now. But it is easier to enable two options now than to
somehow split the option into two later. I updated the KIP accordingly.

Thanks & Regards
Jakub

On Tue, Oct 17, 2023 at 2:44 PM Viktor Somogyi-Vass
 wrote:

> Hi Jakub,
>
> I think the KIP looks good overall, and I have one question for now.
> Would it make sense to split the config you want to introduce
> (ssl.allow.dn.and.san.changes) into two configs? Would users want to enable
> one but not the other?
>
> Thanks,
> Viktor
>
> On Wed, Sep 13, 2023 at 10:00 PM Jakub Scholz  wrote:
>
> > Hi all,
> >
> > I would like to start the discussion about the KIP-978: Allow dynamic
> > reloading of certificates with different DN / SANs
> > <
> >
> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=263429128
> > >.
> > It proposes adding an option to disable the current validation of the DN
> > and SANs when dynamically changing the keystore. Please have a look and
> let
> > me know your thoughts ...
> >
> > Thanks & Regards
> > Jakub
> >
>

Re: [DISCUSS] KIP-978: Allow dynamic reloading of certificates with different DN / SANs

2023-10-17 Thread Viktor Somogyi-Vass

Hi Jakub,

I think the KIP looks good overall, and I have one question for now.
Would it make sense to split the config you want to introduce
(ssl.allow.dn.and.san.changes) into two configs? Would users want to enable
one but not the other?

Thanks,
Viktor

On Wed, Sep 13, 2023 at 10:00 PM Jakub Scholz  wrote:

> Hi all,
>
> I would like to start the discussion about the KIP-978: Allow dynamic
> reloading of certificates with different DN / SANs
> <
> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=263429128
> >.
> It proposes adding an option to disable the current validation of the DN
> and SANs when dynamically changing the keystore. Please have a look and let
> me know your thoughts ...
>
> Thanks & Regards
> Jakub
>

[DISCUSS] KIP-978: Allow dynamic reloading of certificates with different DN / SANs

2023-09-13 Thread Jakub Scholz

Hi all,

I would like to start the discussion about the KIP-978: Allow dynamic
reloading of certificates with different DN / SANs
.
It proposes adding an option to disable the current validation of the DN
and SANs when dynamically changing the keystore. Please have a look and let
me know your thoughts ...

Thanks & Regards
Jakub

Re: [DISCUSS] KIP-978: Allow dynamic reloading of certificates with different DN / SANs

Re: [DISCUSS] KIP-978: Allow dynamic reloading of certificates with different DN / SANs

Re: [DISCUSS] KIP-978: Allow dynamic reloading of certificates with different DN / SANs

[DISCUSS] KIP-978: Allow dynamic reloading of certificates with different DN / SANs

4 matches

Site Navigation

Mail list logo

Footer information