You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "Galsza (via GitHub)" <gi...@apache.org> on 2023/09/19 17:08:57 UTC

[GitHub] [ozone] Galsza commented on pull request #5313: HDDS-8960. Hold the rootCA's private key only in memory for the time of initialization/rotation, then forget it

Galsza commented on PR #5313:
URL: https://github.com/apache/ozone/pull/5313#issuecomment-1726106166

   Hi @ChenSammi , some changes to the buildCAList are necessary, but I can extract it later. I have reverted back the changes to a basic version now.
   
   Regarding the root CA key generation I'm not sure how this separation can be done better. I've inlined the generateKeys function to make it clearer that it's not invoked from any other place. The SUB-CA certificate keys are generated and stored in an entirely different manner, during signing and storing the certificates. Do you have any advice on how to improve this?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org