You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Noa Resare (JIRA)" <ji...@apache.org> on 2018/11/30 17:20:00 UTC

[jira] [Commented] (KAFKA-7685) Support loading trust stores from classpath

    [ https://issues.apache.org/jira/browse/KAFKA-7685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16705040#comment-16705040 ] 

Noa Resare commented on KAFKA-7685:
-----------------------------------

There is now a KIP: https://cwiki.apache.org/confluence/display/KAFKA/KIP-398

> Support loading trust stores from classpath
> -------------------------------------------
>
>                 Key: KAFKA-7685
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7685
>             Project: Kafka
>          Issue Type: Improvement
>          Components: clients
>    Affects Versions: 2.1.0
>            Reporter: Noa Resare
>            Priority: Minor
>
> Certificate pinning as well as authenticating kafka brokers using a non-public CA certificate maintained inside an organisation is desirable to a lot of users. This can be accomplished today using the {{ssl.truststore.location}} configuration property. Unfortunately, this value is always interpreted as a filesystem path which makes distribution of such an alternative truststore a needlessly cumbersome process. If we had the ability to load a trust store from the classpath as well as from a file, the trust store could be shipped in a jar that could be declared as a regular maven style dependency.
> If we did this by supporting prefixing {{ssl.truststore.location}} with {{classpath:}} this could be a backwards compatible change, one that builds on prior design patterns established by for example the Spring project.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)