Posted to commits@spark.apache.org by sr...@apache.org on 2021/07/17 14:00:21 UTC

[spark] branch master updated: [SPARK-36122][CORE] Passing on needClientAuth to Jetty SSLContextFactory

This is an automated email from the ASF dual-hosted git repository.

srowen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new bfdde96  [SPARK-36122][CORE] Passing on needClientAuth to Jetty SSLContextFactory
bfdde96 is described below

commit bfdde9635da0d721cd9ffcc422ad00afc406aa4b
Author: skhandrikagmail <87...@users.noreply.github.com>
AuthorDate: Sat Jul 17 08:59:42 2021 -0500

    [SPARK-36122][CORE] Passing on needClientAuth to Jetty SSLContextFactory
    
    SPARK-36122: Spark does not pass on needClientAuth to Jetty SSLContextFactory. This does not allow configuring mTLS authentication.
    
    Passing needClientAuth to sslContextFactory would help enable mTLS authentication for Jetty through x509 certificates.
    
    ### What changes were proposed in this pull request?
    
    ### Why are the changes needed?
    
    ### Does this PR introduce _any_ user-facing change?
    
    ### How was this patch tested?
    
    Closes #33301 from skhandrikagmail/patch-1.
    
    Authored-by: skhandrikagmail <87...@users.noreply.github.com>
    Signed-off-by: Sean Owen <sr...@gmail.com>
---
 core/src/main/scala/org/apache/spark/SSLOptions.scala | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/core/src/main/scala/org/apache/spark/SSLOptions.scala b/core/src/main/scala/org/apache/spark/SSLOptions.scala
index 446a8e5..f1668966 100644
--- a/core/src/main/scala/org/apache/spark/SSLOptions.scala
+++ b/core/src/main/scala/org/apache/spark/SSLOptions.scala
@@ -78,6 +78,12 @@ private[spark] case class SSLOptions(
         trustStore.foreach(file => sslContextFactory.setTrustStorePath(file.getAbsolutePath))
         trustStorePassword.foreach(sslContextFactory.setTrustStorePassword)
         trustStoreType.foreach(sslContextFactory.setTrustStoreType)
+        /*
+         * Need to pass needClientAuth flag to jetty for Jetty server to authenticate
+         * client certificates. This would help enable mTLS authentication.
+         */
+        sslContextFactory.setNeedClientAuth(needClientAuth)
+
       }
       protocol.foreach(sslContextFactory.setProtocol)
       if (supportedAlgorithms.nonEmpty) {
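
Review bot: The new `sslContextFactory.setNeedClientAuth(needClientAuth)` call sits inside the block that closes with `}` two lines later, next to the trust store setters, so it only takes effect when that block's condition holds, and nothing in the hunk checks that a trust store is actually configured when `needClientAuth` is true (`trustStore.foreach(...)` does nothing when `trustStore` is empty). Consider failing fast, or at least logging a warning, when `needClientAuth` is set without a `trustStore`, so that a deployment expecting mTLS does not depend on whatever Jetty falls back to when no trust store is given. The diffstat lists only `SSLOptions.scala` and the "How was this patch tested?" section is empty, so a unit test asserting the factory's need-client-auth setting for both values of the flag would be worth adding. Style: the `/* ... */` block comment would read better as `//` line comments, and the blank `+` line before the closing brace can be dropped.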
