You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@calcite.apache.org by "Karan Mehta (JIRA)" <ji...@apache.org> on 2018/05/31 20:56:00 UTC

[jira] [Comment Edited] (CALCITE-2285) Support client cert keystore for Avatica Client

    [ https://issues.apache.org/jira/browse/CALCITE-2285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16497154#comment-16497154 ] 

Karan Mehta edited comment on CALCITE-2285 at 5/31/18 8:55 PM:
---------------------------------------------------------------

Jetty offers client/server classes which allow dynamic reloading of {{SslContextFactory}} when ever new certificates are loaded, especially for short lived certificates. Avatica Client depends on Apache HttpClient lib, which doesn't offer that feature. Long running Java clients can potentially run into issues with this. 

Any thoughts/ideas? [~alexaraujo] [~risdenk]
 I am currently looking into other potential ideas especially how things are implemented in Jetty and will post soon. I am also looking for approaches where a reference to {{SSLConnectionSocketFactory}} can be dynamically updated whenever the underlying cert changes.


was (Author: karanmehta93):
Jetty offers client/server classes which allow dynamic reloading of {{SslContextFactory}} when ever new certificates are loaded, especially for short lived certificates. Avatica Client depends on Apache HttpClient lib, which doesn't offer that feature. Long running Java clients can potentially run into issues with this. 

Any thoughts/ideas? [~alexaraujo] [~risdenk]
I am currently looking into other potential ideas and will post soon.

> Support client cert keystore for Avatica Client
> -----------------------------------------------
>
>                 Key: CALCITE-2285
>                 URL: https://issues.apache.org/jira/browse/CALCITE-2285
>             Project: Calcite
>          Issue Type: Improvement
>          Components: avatica
>            Reporter: Karan Mehta
>            Assignee: Karan Mehta
>            Priority: Major
>
> Currently Avatica only supports adding trust-store in {{SSLContext}} in all {{AvaticaHttpClient}} implementations. If keystore support it added, MTLS connections can be established as well.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)