[
https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15906291#comment-15906291
]
Powell Molleti commented on ZOOKEEPER-236:
------------------------------------------
Hi Abe,
Thanks for looking at the patch and feedback.
{quote}
I'm also a little concerned with the use of the `ServerCfg` class. I understand
how it wraps the hostString and InetSocketAddress but it creates a lot of
plumbing changes that I do not think are necessary for the functionality we are
trying to implement and complicate the diff.
{quote}
Noted, I was using that class to band together hostString, InetSocketAddress
and Certificate fingerprint. I have removed it and eliminated the impact of it
files. See my comments later in the message on the need for hostString.
{quote}
Do you think it would be easier to move forward with the patch I uploaded
originally and put your reconfig changes on top of that (as I think the
configuration refactoring you did is more appropriate there anyway)?
{quote}
I have no issues if you want to commit your changes. Here are few of the things
I think are needed.
* Need for separate SSL config for client to server and quorum peer to quorum
peer. Changes to X509Util and ZKConfig are for this.
* Need for Hostname verification and CRL lists at-least for quorum peer to
quorum peer SSL would mean that we will need
[X509ExtendedTrustManager|https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/X509ExtendedTrustManager.html]
hence the reason for ZKX509TrustManager class and its helpers.
* Hostname verification will need hostname to be supplied at SSLEngine creation
time if reverse DNS lookup is not desired. I do not have this either.
Some more risks from my patch:
* Modifying the code paths for client to server ssl. I have ensured that these
tests work. More testing might be needed.
* Risk of using X509ExtendedTrustManager, did we miss any checks that are done
by the default Trustmanager that was used before.
* Lack of upgrade path, I like the idea of new nodes optionally supporting
sockets that support both plain and ssl connections.
To make my patch more complete I need to continue to write more unit tests
specially testing quorum bootstrap with and without SSL and tests for
ZKX509TrustManager, have already build tools for that.I have ported some from
Netty Trunk work and I could port more to get those going.
thanks
Powell.
> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>
> Key: ZOOKEEPER-236
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
> Project: ZooKeeper
> Issue Type: New Feature
> Components: quorum, server
> Reporter: Benjamin Reed
> Assignee: Abraham Fine
> Priority: Minor
>
> We should have the ability to use SSL to authenticate and encrypt the traffic
> between ZooKeeper servers. For the most part this is a very easy change. We
> would probably only want to support this for TCP based leader elections.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
