You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2019/03/15 13:59:00 UTC

[jira] [Work logged] (KNOX-1111) 2-way SSL Truststore and Keystore Improvements

     [ https://issues.apache.org/jira/browse/KNOX-1111?focusedWorklogId=213783&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-213783 ]

ASF GitHub Bot logged work on KNOX-1111:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 15/Mar/19 13:58
            Start Date: 15/Mar/19 13:58
    Worklog Time Spent: 10m 
      Work Description: rlevas commented on pull request #74: KNOX-1111 - 2-way SSL Truststore and Keystore Improvements
URL: https://github.com/apache/knox/pull/74
 
 
   ## What changes were proposed in this pull request?
   
   Most of the improvements needed for [KNOX-1111](https://issues.apache.org/jira/browse/KNOX-1111) have been completed using various Jiras.  However, the ability to set a custom trust store when two-way SSL was not enabled for a service was not implemented.  This patch implements that feature.  
   
   ## How was this patch tested?
   
   Added and ran unit test:
   ```
   mvn -T.5C verify -Prelease,package
   ...
   [INFO] ------------------------------------------------------------------------
   [INFO] BUILD SUCCESS
   [INFO] ------------------------------------------------------------------------
   [INFO] Total time: 15:59 min (Wall Clock)
   [INFO] Finished at: 2019-03-14T20:56:51-04:00
   [INFO] Final Memory: 292M/1907M
   [INFO] ------------------------------------------------------------------------
   ```
   Manually tested various scenarios:
   - two-way SSL **with no** trust store configured, used the configured identity keystore instead
   - two-way SSL **with** a trust store configured, used the configured trust store
   - one-way SSL **with no** trust store configured, no custom SSL context was created (assume cacerts was used)
   - one-way SSL **with** a trust store configured, used the configured trust store
   
   
   
   Please review [Knox Contributing Process](https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-GithubWorkflow) before opening a pull request.
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

            Worklog Id:     (was: 213783)
            Time Spent: 10m
    Remaining Estimate: 0h

> 2-way SSL Truststore and Keystore Improvements
> ----------------------------------------------
>
>                 Key: KNOX-1111
>                 URL: https://issues.apache.org/jira/browse/KNOX-1111
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Robert Levas
>            Priority: Major
>             Fix For: 1.3.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Currently, the DefaultHttpClientFactory is setting the 2-way SSL for dispatches truststore as gateway.jks. This should be driven by configuration and probably default to cacerts rather than gateway.jks.
> The client cert alias inside the keystore should be configurable as well so that we can possibly have different certs representing different topologies.
> In addition, the keystore to host the client certs should be configurable.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)