[
https://issues.apache.org/jira/browse/HADOOP-16517?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brahma Reddy Battula updated HADOOP-16517:
------------------------------------------
Target Version/s: 3.4.0 (was: 3.3.0)
Bulk update: moved all 3.3.0 non-blocker issues, please move back if it is a
blocker.
> Allow optional mutual TLS in HttpServer2
> ----------------------------------------
>
> Key: HADOOP-16517
> URL: https://issues.apache.org/jira/browse/HADOOP-16517
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Kihwal Lee
> Assignee: Kihwal Lee
> Priority: Major
> Attachments: HADOOP-16517.1.patch, HADOOP-16517.patch
>
>
> Currently the webservice can enforce mTLS by setting
> "dfs.client.https.need-auth" on the server side. (The config name is
> misleading, as it is actually server-side config. It has been deprecated from
> the client config) A hadoop client can talk to mTLS enforced web service by
> setting "hadoop.ssl.require.client.cert" with proper ssl config.
> We have seen use case where mTLS needs to be enabled optionally for only
> those clients who supplies their cert. In a mixed environment like this,
> individual services may still enforce mTLS for a subset of endpoints by
> checking the existence of x509 cert in the request.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
