You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Wenjie Zhang (JIRA)" <ji...@apache.org> on 2016/11/15 22:43:59 UTC

[jira] [Updated] (KAFKA-4413) Kakfa should support default SSLContext

     [ https://issues.apache.org/jira/browse/KAFKA-4413?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wenjie Zhang updated KAFKA-4413:
--------------------------------
    Description: Currently, to enable SSL in either consumer or producer, we have to provide trustStore file and password. Ideally, if the Kafka server configured with CA signed certificate, since JRE includes certain CA ROOT certs inside "cacerts", Kafka should support SSL without any trustStore file, basically, we should update `org.apache.kafka.common.security.ssl.SslFactory.createSSLContext` to use `SSLContext.getDefault()` when trustStore file is not needed, not sure if there is any other places needs to be updated for this enhancement   (was: Currently, to enable SSL in either consumer or producer, we have to provide trustStore file and password. Ideally, if the Kafka server configured with CA signed certificate, since JRE includes certain CA ROOT certs inside "cacerts", Kafka should support using `SSLContext.getDefault()` when creating `SSLContext`, the changes need to be made at `org.apache.kafka.common.security.ssl.SslFactory.createSSLContext`, not sure if there is any other places needs to be updated for this enhancement )

> Kakfa should support default SSLContext
> ---------------------------------------
>
>                 Key: KAFKA-4413
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4413
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.10.0.1
>         Environment: All
>            Reporter: Wenjie Zhang
>              Labels: SSLContext, SslFactory, https, ssl
>
> Currently, to enable SSL in either consumer or producer, we have to provide trustStore file and password. Ideally, if the Kafka server configured with CA signed certificate, since JRE includes certain CA ROOT certs inside "cacerts", Kafka should support SSL without any trustStore file, basically, we should update `org.apache.kafka.common.security.ssl.SslFactory.createSSLContext` to use `SSLContext.getDefault()` when trustStore file is not needed, not sure if there is any other places needs to be updated for this enhancement 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)