Posted to commits@spark.apache.org by sr...@apache.org on 2021/07/17 14:00:21 UTC
[spark] branch master updated: [SPARK-36122][CORE] Passing on needClientAuth to Jetty SSLContextFactory
This is an automated email from the ASF dual-hosted git repository.
srowen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push:
new bfdde96 [SPARK-36122][CORE] Passing on needClientAuth to Jetty SSLContextFactory
bfdde96 is described below
commit bfdde9635da0d721cd9ffcc422ad00afc406aa4b
Author: skhandrikagmail <87...@users.noreply.github.com>
AuthorDate: Sat Jul 17 08:59:42 2021 -0500
[SPARK-36122][CORE] Passing on needClientAuth to Jetty SSLContextFactory
SPARK-36122: Spark does not pass on needClientAuth to Jetty SSLContextFactory. This does not allow configuring mTLS authentication.
Passing needClientAuth to sslContextFactory would help enable mTLS authentication for Jetty through x509 certificates.
### What changes were proposed in this pull request?
### Why are the changes needed?
### Does this PR introduce _any_ user-facing change?
### How was this patch tested?
Closes #33301 from skhandrikagmail/patch-1.
Authored-by: skhandrikagmail <87...@users.noreply.github.com>
Signed-off-by: Sean Owen <sr...@gmail.com>
---
core/src/main/scala/org/apache/spark/SSLOptions.scala | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/core/src/main/scala/org/apache/spark/SSLOptions.scala b/core/src/main/scala/org/apache/spark/SSLOptions.scala
index 446a8e5..f1668966 100644
--- a/core/src/main/scala/org/apache/spark/SSLOptions.scala
+++ b/core/src/main/scala/org/apache/spark/SSLOptions.scala
@@ -78,6 +78,12 @@ private[spark] case class SSLOptions(
trustStore.foreach(file => sslContextFactory.setTrustStorePath(file.getAbsolutePath))
trustStorePassword.foreach(sslContextFactory.setTrustStorePassword)
trustStoreType.foreach(sslContextFactory.setTrustStoreType)
+ /*
+ * Need to pass needClientAuth flag to jetty for Jetty server to authenticate
+ * client certificates. This would help enable mTLS authentication.
+ */
+ sslContextFactory.setNeedClientAuth(needClientAuth)
+
}
protocol.foreach(sslContextFactory.setProtocol)
if (supportedAlgorithms.nonEmpty) {
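Review bot: The added `sslContextFactory.setNeedClientAuth(needClientAuth)` call has no visible check that a trust store was actually configured. The three `trustStore*` lines directly above it are applied through `foreach`, so each one is silently skipped when the option is unset, and this hunk then leaves it to Jetty to decide which trust anchors validate the client certificate. For mTLS that choice should be explicit: consider failing fast, or at least logging a warning, when `needClientAuth` is true and `trustStore` is empty. The diffstat also shows only `SSLOptions.scala` changed, so nothing exercises the new behaviour; a test asserting that the factory built from options with `needClientAuth` enabled reports client auth as required, and does not when it is disabled, would guard against regressions. Minor: the trailing blank `+` line before the closing `}` can be dropped.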