[ https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15906291#comment-15906291 ]
Powell Molleti commented on ZOOKEEPER-236: ------------------------------------------ Hi Abe, Thanks for looking at the patch and feedback. {quote} I'm also a little concerned with the use of the `ServerCfg` class. I understand how it wraps the hostString and InetSocketAddress but it creates a lot of plumbing changes that I do not think are necessary for the functionality we are trying to implement and complicate the diff. {quote} Noted, I was using that class to band together hostString, InetSocketAddress and Certificate fingerprint. I have removed it and eliminated the impact of it files. See my comments later in the message on the need for hostString. {quote} Do you think it would be easier to move forward with the patch I uploaded originally and put your reconfig changes on top of that (as I think the configuration refactoring you did is more appropriate there anyway)? {quote} I have no issues if you want to commit your changes. Here are few of the things I think are needed. * Need for separate SSL config for client to server and quorum peer to quorum peer. Changes to X509Util and ZKConfig are for this. * Need for Hostname verification and CRL lists at-least for quorum peer to quorum peer SSL would mean that we will need [X509ExtendedTrustManager|https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/X509ExtendedTrustManager.html] hence the reason for ZKX509TrustManager class and its helpers. * Hostname verification will need hostname to be supplied at SSLEngine creation time if reverse DNS lookup is not desired. I do not have this either. Some more risks from my patch: * Modifying the code paths for client to server ssl. I have ensured that these tests work. More testing might be needed. * Risk of using X509ExtendedTrustManager, did we miss any checks that are done by the default Trustmanager that was used before. * Lack of upgrade path, I like the idea of new nodes optionally supporting sockets that support both plain and ssl connections. To make my patch more complete I need to continue to write more unit tests specially testing quorum bootstrap with and without SSL and tests for ZKX509TrustManager, have already build tools for that.I have ported some from Netty Trunk work and I could port more to get those going. thanks Powell. > SSL Support for Atomic Broadcast protocol > ----------------------------------------- > > Key: ZOOKEEPER-236 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236 > Project: ZooKeeper > Issue Type: New Feature > Components: quorum, server > Reporter: Benjamin Reed > Assignee: Abraham Fine > Priority: Minor > > We should have the ability to use SSL to authenticate and encrypt the traffic > between ZooKeeper servers. For the most part this is a very easy change. We > would probably only want to support this for TCP based leader elections. -- This message was sent by Atlassian JIRA (v6.3.15#6346)