Ammar Master created FLINK-35371:
------------------------------------
Summary: Allow the keystore and truststore type to be configured for SSL
Key: FLINK-35371
URL: https://issues.apache.org/jira/browse/FLINK-35371
Project: Flink
Issue Type: Improvement
Components: Runtime / Network
Reporter: Ammar Master
Flink always creates a keystore and truststore using the [default
type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
defined in the JDK, which in most cases is JKS. We should add other
configuration options to set the type explicitly to support other custom
formats, and match the options provided by other applications like
[Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
and
[Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
already. The default would continue to be specified by the JDK.
The SSLContext for the REST API can read the configuration option directly, and
we need to add extra logic to the
[CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
for Pekko.
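The behaviour requested above, as an added example that is not Flink's code or part of the original issue: a loader that uses an explicitly configured store type and otherwise falls back to the JDK default. The `configuredType` parameter is a hypothetical stand-in for the proposed option, and the password and in-memory JCEKS store are constructed sample values.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

public class KeyStoreTypeExample {

    // configuredType is a hypothetical stand-in for the proposed option;
    // null or empty means "not set", which keeps the JDK-default behaviour.
    static KeyStore load(InputStream in, char[] password, String configuredType)
            throws GeneralSecurityException, IOException {
        String type = (configuredType == null || configuredType.isEmpty())
                ? KeyStore.getDefaultType()
                : configuredType;
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(in, password);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-password".toCharArray(); // constructed sample value

        // Build an empty JCEKS store in memory as a non-default format.
        KeyStore source = KeyStore.getInstance("JCEKS");
        source.load(null, password);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        source.store(out, password);
        byte[] bytes = out.toByteArray();

        // Explicit type: the store is parsed by the matching implementation.
        KeyStore explicit = load(new ByteArrayInputStream(bytes), password, "JCEKS");
        System.out.println("explicit type: " + explicit.getType());

        // No type configured: the JDK default (JKS or PKCS12) is used, which
        // normally rejects JCEKS bytes with an IOException.
        try {
            KeyStore fallback = load(new ByteArrayInputStream(bytes), password, null);
            System.out.println("default type " + fallback.getType() + " loaded the store");
        } catch (IOException e) {
            System.out.println("default type " + KeyStore.getDefaultType()
                    + " could not load it: " + e.getMessage());
        }
    }
}
```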