Posted to notifications@zookeeper.apache.org by GitBox <gi...@apache.org> on 2022/03/17 23:06:12 UTC

[GitHub] [zookeeper] mathew-manu opened a new pull request #1839: ZOOKEEPER-3806: TLS - dynamic loading for client trust/key store

mathew-manu opened a new pull request #1839:
URL: https://github.com/apache/zookeeper/pull/1839


   ZooKeeper currently has support for reloading the Quorum Truststore & Keystore automatically when the certificate files change in the filesystem, without a server restart (https://github.com/apache/zookeeper/pull/680).
   
   However, reloading of the key and trust store for **ClientX509Util** is not present; i.e., the certs the server presents to clients will not get reloaded automatically if the certificates in the filesystem change; short-lived certs require a process restart.
   
   Changes:
   
   -  A new config property "zookeeper.client.certReload" is added; if it's true, ClientX509Util is reloaded automatically.
   
   -  ZK uses an _X509AuthenticationProvider_ which is backed by an X509TrustManager and an X509KeyManager to perform _remote host certificate authentication_. We need to update the X509AuthenticationProvider's TrustStore as part of the X509Util file-watcher. 
   - JUnit test case to verify the cert reload.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [zookeeper] mathew-manu commented on pull request #1839: ZOOKEEPER-3806: TLS - dynamic loading for client trust/key store

Posted by GitBox <gi...@apache.org>.
mathew-manu commented on pull request #1839:
URL: https://github.com/apache/zookeeper/pull/1839#issuecomment-1076488834


   @anmolnar @ivmaykov 





[GitHub] [zookeeper] mathew-manu commented on pull request #1839: ZOOKEEPER-3806: TLS - dynamic loading for client trust/key store

Posted by GitBox <gi...@apache.org>.
mathew-manu commented on pull request #1839:
URL: https://github.com/apache/zookeeper/pull/1839#issuecomment-1073456118


   2 workflows awaiting approval (First-time contributor)
   Can someone approve the workflows? 





[GitHub] [zookeeper] mathew-manu commented on pull request #1839: ZOOKEEPER-3806: TLS - dynamic loading for client trust/key store

Posted by GitBox <gi...@apache.org>.
mathew-manu commented on pull request #1839:
URL: https://github.com/apache/zookeeper/pull/1839#issuecomment-1080021404


   cc @maoling @eolivelli 

