[
https://issues.apache.org/jira/browse/ZOOKEEPER-2125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14332460#comment-14332460
]
Hongchao Deng commented on ZOOKEEPER-2125:
------------------------------------------
Hi, [~fpj] [~rakeshr] [~iandi].
I have uploaded a "simplified" patch based on ZK-2094:
1. The work handles encrypted communication. Authentication, ZooKeeperMain(CLI)
and 4lws changes are NOT included.
2. It only supports keystore and truststore. I think [~iandi] can work out the
custom key_manager/trust_manager in another JIRA so that we can cherry pick
commits based on our needs. I'm pretty open on this so more discussion is
welcome.
3. Addressed Rakesh's comments. Code improvement, refactoring, reduce the
coupling between classes.
About testing:
I have manually tried the patch and it works great for normal cases. It doesn't
look well when user specifies any wrong ssl parameters.. I don't know how to
nicely deal with it so let's keep it open for people like [~rgs] to talk about
or write the patch for it.
The patch isn't final -- there is also unit test. The unit test needs example
binary certificates. I am not including them to show jenkins test result. Final
patch will include unit test.
I prefer docs in another JIRA.
Review board is at the Description section (top of the page).
Please review and give feedback. Thanks!
> SSL on Netty client-server communication
> ----------------------------------------
>
> Key: ZOOKEEPER-2125
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2125
> Project: ZooKeeper
> Issue Type: Sub-task
> Reporter: Hongchao Deng
> Assignee: Hongchao Deng
> Attachments: ZOOKEEPER-2125.patch, ZOOKEEPER-2125.patch
>
>
> Supporting SSL on Netty client-server communication.
> 1. It supports keystore and trustore usage.
> 2. It adds an additional ZK server port which supports SSL. This would be
> useful for rolling upgrade.
> RB: https://reviews.apache.org/r/31277/
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
