xiangfu0 commented on code in PR #13589:
URL: https://github.com/apache/pinot/pull/13589#discussion_r1677123689
##########
pinot-common/src/main/java/org/apache/pinot/common/utils/tls/TlsUtils.java:
##########
@@ -227,19 +229,28 @@ public static void installDefaultSSLSocketFactory(String
keyStoreType, String ke
String trustStoreType, String trustStorePath, String trustStorePassword)
{
try {
SecureRandom secureRandom = new SecureRandom();
- SSLFactory sslFactory = RenewableTlsUtils.createSSLFactory(keyStoreType,
keyStorePath, keyStorePassword,
- trustStoreType, trustStorePath, trustStorePassword,
- "SSL", secureRandom, true, false);
- if (isKeyOrTrustStorePathNullOrHasFileScheme(keyStorePath)
- && isKeyOrTrustStorePathNullOrHasFileScheme(trustStorePath)) {
-
RenewableTlsUtils.enableAutoRenewalFromFileStoreForSSLFactory(sslFactory,
keyStoreType, keyStorePath,
- keyStorePassword, trustStoreType, trustStorePath,
trustStorePassword, "SSL", secureRandom,
- PinotInsecureMode::isPinotInInsecureMode);
+ SSLContext sc;
+ if (keyStorePath == null && trustStorePath == null) {
+ // When neither keyStorePath nor trustStorePath is provided, a
SSLFactory cannot be created. create SSLContext
+ // directly and use the default key manager and trust manager.
+ sc = SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
Review Comment:
Is this guaranteed to be not null?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
