Posted to dev@zookeeper.apache.org by Abraham Fine <af...@apache.org> on 2017/04/20 21:22:51 UTC

Requesting reviews for ZOOKEEPER-236: SSL Support for Atomic Broadcast protocol

Hello-

I have been continuing work on ZOOKEEPER-236 and it would be great to
get feedback from the community on the patch. The pull request can be
found here: https://github.com/apache/zookeeper/pull/184

ZOOKEEPER-236 provides the ability to use SSL/TLS to secure
communication within the ZooKeeper quorum.

Documentation will be handled in another pull request, but the usage is
very similar to our existing Client <-> Quorum functionality. Here is an
overview of the basic configuration.

System properties are set on each member of the quorum, for example:
-Dzookeeper.ssl.quorum.keyStore.location=keystore.jks
-Dzookeeper.ssl.quorum.keyStore.password=password
-Dzookeeper.ssl.quorum.trustStore.location=truststore.jks

A flag is set in the cfg files:
sslQuorum=true

The best way to see all the functionality provided by this patch is to
take a look at the integration tests:
https://github.com/afine/zookeeper/blob/3c6c81b69b7105fa7c5235a0f27718a7eae195de/src/java/test/org/apache/zookeeper/test/QuorumSSLTest.java.
The integration tests contain examples showing how hostname
verification, rolling upgrades, cipher configuration, protocol
configuration, and certificate revocation are handled.

There is a current outstanding question regarding hostname verification;
please provide input here:
https://github.com/apache/zookeeper/pull/184#discussion_r111485824

Looking forward to hearing everyone's thoughts.

Thanks,
Abraham Fine
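
Added example, not part of the original post or of the ZooKeeper patch: a small pre-rollout check that every quorum member carries the cfg flag and the three system properties listed above. The helper names, the member names zk1 to zk3 and the sample inputs are constructed for illustration, and treating an absent sslQuorum flag as "off" is an assumption.

```python
import shlex

# System property names and the cfg flag are taken from the post above.
REQUIRED_PROPS = (
    "zookeeper.ssl.quorum.keyStore.location",
    "zookeeper.ssl.quorum.keyStore.password",
    "zookeeper.ssl.quorum.trustStore.location",
)

def parse_cfg(text):
    """Parse key=value lines of a cfg file, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in map(str.strip, text.splitlines())
             if l and not l.startswith("#") and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def parse_jvm_flags(flags):
    """Collect -Dname=value system properties from a JVM flag string."""
    toks = (t[2:].split("=", 1) for t in shlex.split(flags)
            if t.startswith("-D") and "=" in t)
    return {k: v for k, v in toks}

def ssl_quorum_enabled(cfg_text):
    # Assumption: an absent flag means quorum TLS is off.
    return parse_cfg(cfg_text).get("sslQuorum", "false").lower() == "true"

def audit_quorum(members):
    """members: {name: (cfg_text, jvm_flags)} -> list of finding strings."""
    findings = []
    for name, (cfg_text, flags) in sorted(members.items()):
        if not ssl_quorum_enabled(cfg_text):
            findings.append(f"{name}: sslQuorum is not true")
        props = parse_jvm_flags(flags)
        findings += [f"{name}: missing {p}" for p in REQUIRED_PROPS if not props.get(p)]
    if len({ssl_quorum_enabled(c) for c, _ in members.values()}) > 1:
        findings.append("quorum: members disagree on sslQuorum")
    return findings

# Constructed sample input: three quorum members, two of them misconfigured.
FULL = ("-Dzookeeper.ssl.quorum.keyStore.location=keystore.jks "
        "-Dzookeeper.ssl.quorum.keyStore.password=password "
        "-Dzookeeper.ssl.quorum.trustStore.location=truststore.jks")
SAMPLE = {
    "zk1": ("tickTime=2000\nsslQuorum=true\n", FULL),
    "zk2": ("sslQuorum=true\n", FULL.rsplit(" ", 1)[0]),    # no trust store
    "zk3": ("# sslQuorum=true\ntickTime=2000\n", FULL),      # flag commented out
}

if __name__ == "__main__":
    for finding in audit_quorum(SAMPLE):
        print(finding)
```

A member that reports "sslQuorum is not true" while the others have it enabled is worth confirming as an intended transitional state before the change is rolled further.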



Re: Requesting reviews for ZOOKEEPER-236: SSL Support for Atomic Broadcast protocol

Posted by Atri Sharma <at...@gmail.com>.
I can help review this

On Apr 20, 2017 2:22 PM, "Abraham Fine" <af...@apache.org> wrote:

> Hello-
>
> I have been continuing work on ZOOKEEPER-236 and it would be great to
> get feedback from the community on the patch. The pull request can be
> found here: https://github.com/apache/zookeeper/pull/184
>
> ZOOKEEPER-236 provides the ability to use SSL/TLS to secure
> communication within the ZooKeeper quorum.
>
> Documentation will be handled in another pull request, but the usage is
> very similar to our existing Client <-> Quorum functionality. Here is an
> overview of the basic configuration.
>
> System properties are set on each member of the quorum, for example:
> -Dzookeeper.ssl.quorum.keyStore.location=keystore.jks
> -Dzookeeper.ssl.quorum.keyStore.password=password
> -Dzookeeper.ssl.quorum.trustStore.location=truststore.jks
>
> A flag is set in the cfg files:
> sslQuorum=true
>
> The best way to see all the functionality provided by this patch is to
> take a look at the integration tests:
> https://github.com/afine/zookeeper/blob/3c6c81b69b7105fa7c5235a0f27718a7eae195de/src/java/test/org/apache/zookeeper/test/QuorumSSLTest.java.
> The integration tests contain examples showing how hostname
> verification, rolling upgrades, cipher configuration, protocol
> configuration, and certificate revocation are handled.
>
> There is a current outstanding question regarding hostname verification;
> please provide input here:
> https://github.com/apache/zookeeper/pull/184#discussion_r111485824
>
> Looking forward to hearing everyone's thoughts.
>
> Thanks,
> Abraham Fine
>
>
>