ferdelyi commented on code in PR #5638:
URL: https://github.com/apache/hadoop/pull/5638#discussion_r1193971258
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/curator/ZKCuratorManager.java:
##########
@@ -478,10 +558,53 @@ public ZooKeeper newZooKeeper(String connectString, int
sessionTimeout,
if (zkClientConfig.isSaslClientEnabled() &&
!isJaasConfigurationSet(zkClientConfig)) {
setJaasConfiguration(zkClientConfig);
}
+ if (sslEnabled) {
+ setSslConfiguration(zkClientConfig);
+ }
return new ZooKeeper(connectString, sessionTimeout, watcher,
canBeReadOnly, zkClientConfig);
}
+ /**
+ * Configure ZooKeeper Client with SSL/TLS connection.
+ * @param zkClientConfig ZooKeeper Client configuration
+ * */
+ private void setSslConfiguration(ZKClientConfig zkClientConfig) throws
ConfigurationException {
+ this.setSslConfiguration(zkClientConfig, new ClientX509Util());
+ }
+ public void setSslConfiguration(ZKClientConfig zkClientConfig,
ClientX509Util x509Util )
+ throws ConfigurationException {
+ LOG.info("Configuring the ZooKeeper client to use SSL/TLS encryption for
connecting to the ZooKeeper server.");
+ if (StringUtils.isEmpty(this.keystoreLocation)) {
Review Comment:
Created for this purpose the validateSslConfiguration method.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
