[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15906291#comment-15906291
 ] 

Powell Molleti commented on ZOOKEEPER-236:
------------------------------------------

Hi Abe,

Thanks for looking at the patch and feedback.

{quote}
I'm also a little concerned with the use of the `ServerCfg` class. I understand 
how it wraps the hostString and InetSocketAddress but it creates a lot of 
plumbing changes that I do not think are necessary for the functionality we are 
trying to implement and complicate the diff.
{quote}

Noted, I was using that class to band together hostString, InetSocketAddress 
and Certificate fingerprint. I have removed it and eliminated the impact of it  
files. See my comments later in the message on the need for hostString. 

{quote}
Do you think it would be easier to move forward with the patch I uploaded 
originally and put your reconfig changes on top of that (as I think the 
configuration refactoring you did is more appropriate there anyway)?
{quote}

I have no issues if you want to commit your changes. Here are few of the things 
I think are needed.

* Need for separate SSL config for client to server and quorum peer to quorum 
peer. Changes to X509Util and ZKConfig are for this.
* Need for Hostname verification and CRL lists at-least for quorum peer to 
quorum peer SSL would mean that we will need 
[X509ExtendedTrustManager|https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/X509ExtendedTrustManager.html]
 hence the reason for ZKX509TrustManager class and its helpers.
* Hostname verification will need hostname to be supplied at SSLEngine creation 
time if reverse DNS lookup is not desired. I do not have this either.

Some more risks from my patch:

* Modifying the code paths for client to server ssl. I have ensured that these 
tests work. More testing might be needed.
* Risk of using X509ExtendedTrustManager, did we miss any checks that are done 
by the default Trustmanager that was used before.
* Lack of upgrade path, I like the idea of new nodes optionally supporting 
sockets that support both plain and ssl connections.

To make my patch more complete I need to continue to write more unit tests 
specially testing quorum bootstrap with and without SSL and tests for 
ZKX509TrustManager, have already build tools for that.I have ported some from 
Netty Trunk work and I could port more to get those going.

thanks
Powell.

> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>
>                 Key: ZOOKEEPER-236
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: quorum, server
>            Reporter: Benjamin Reed
>            Assignee: Abraham Fine
>            Priority: Minor
>
> We should have the ability to use SSL to authenticate and encrypt the traffic 
> between ZooKeeper servers. For the most part this is a very easy change. We 
> would probably only want to support this for TCP based leader elections.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to