[HBASE-26666] Add native TLS encryption support to RPC server/client

[Andor Molnar <an...@apache.org>]

Hi HBase folks,

I’d like to submit a patch to add TLS encryption handler to Netty RPC client and server. This is a requirement for SASL mechs which don’t have built-in encryption support. For instance it’s a must for the JWT authentication plugin which is another project of mine for HBase.

Given that the patch changes low level stuff and I also had to make some changes in the threading logic of the client side, I need experienced HBase committers to take a closer look and make sure I’m doing the right thing.

Especially from Duo Zhang, who recently committed HBASE-24506 to address a deadlock in the Netty RPC client, I’d like to ask for a close review, because I had to touch his patch and refactor some part of it.

Thanks in advance.

Andor

Re: [HBASE-26666] Add native TLS encryption support to RPC server/client

[Andor Molnar <an...@apache.org>]

…and the link for the PR:

https://github.com/apache/hbase/pull/4125

Andor




> On 2022. Mar 9., at 13:07, Andor Molnar <an...@apache.org> wrote:
> 
> Hi HBase folks,
> 
> I’d like to submit a patch to add TLS encryption handler to Netty RPC client and server. This is a requirement for SASL mechs which don’t have built-in encryption support. For instance it’s a must for the JWT authentication plugin which is another project of mine for HBase.
> 
> Given that the patch changes low level stuff and I also had to make some changes in the threading logic of the client side, I need experienced HBase committers to take a closer look and make sure I’m doing the right thing.
> 
> Especially from Duo Zhang, who recently committed HBASE-24506 to address a deadlock in the Netty RPC client, I’d like to ask for a close review, because I had to touch his patch and refactor some part of it.
> 
> Thanks in advance.
> 
> Andor
> 
>