[ https://issues.apache.org/jira/browse/CASSANDRA-16666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17421836#comment-17421836 ]
Maulin Vasavada edited comment on CASSANDRA-16666 at 9/29/21, 12:53 AM:
------------------------------------------------------------------------

Thanks [~jonmeredith] for cleaning up the branch.

[~stefan.miklosovic] I usually end up merging from the trunk or stable releases when it takes longer for the development (just something based on my experience getting stuck or having to resolve difficult code conflicts if I wait longer). That is the reason you see mixed things on my branch. Some other sub-branches I created with CEP-9 prefix when I was doing parallel development for some alternatives we were discussing and I was not sure if they would make it to the actual branch.

Is there a way we can use the branch Jon created as above? If not, I am cleaning up the branch (squash didn't work well :( )

was (Author: maulin.vasavada):
Thanks [~jonmeredith] for cleaning up the branch.

[~stefan.miklosovic] I usually end up merging from the trunk or stable releases when it takes longer for the development (just something based on my experience getting stuck or having to resolve difficult code conflicts if I wait longer). That is the reason you see mixed things on my branch. Some other sub-branches I created with CEP-9 prefix when I was doing parallel development for some alternatives we were discussing and I was not sure if they would make it to the actual branch.

Is there a way we can use the branch Jon created as above?

> Make SSLContext creation pluggable/extensible
> ---------------------------------------------
>
>                 Key: CASSANDRA-16666
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16666
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Messaging/Internode
>            Reporter: Maulin Vasavada
>            Assignee: Maulin Vasavada
>            Priority: Normal
>             Fix For: 4.x
>
>         Attachments: Screenshot from 2021-09-28 10-56-24.png
>
>
> Currently Cassandra creates the SSLContext via SSLFactory.java. SSLFactory is
> a final class with static methods and not overridable. The SSLFactory loads
> the keys and certs from the file based artifacts for the same. While this
> works for many, in the industry where security is stricter and contextual,
> this approach falls short. Many big organizations need flexibility to load
> the SSL artifacts from a custom resource (like custom Key Management
> Solution, HashiCorp Vault, Amazon KMS etc). While JSSE SecurityProvider
> architecture allows us flexibility to build our custom mechanisms to validate
> and process security artifacts, many times all we need is to build upon
> Java's existing extensibility that Trust/Key Manager interfaces provide to
> load keystores from various resources in the absence of any customized
> requirements on the Keys/Certificate formats.
> My proposal here is to make the SSLContext creation pluggable/extensible and
> have the current SSLFactory.java implement an extensible interface.
> I contributed a similar change that is live now in Apache Kafka (2.6.0) -
> https://issues.apache.org/jira/browse/KAFKA-8890
> I can spare some time writing the pluggable interface and run by the required
> reviewers.
>
> Created [CEP-9: Make SSLContext creation
> pluggable|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-9%3A+Make+SSLContext+creation+pluggable]
>
>
> cc: [~dcapwell] [~djoshi]

--
This message was sent by Atlassian Jira
(v8.3.4#803005)