Alex Rankin created ZOOKEEPER-3160:
--------------------------------------
Summary: Custom User SSLContext
Key: ZOOKEEPER-3160
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3160
Project: ZooKeeper
Issue Type: New Feature
Components: java client
Affects Versions: 3.5.4
Reporter: Alex Rankin
Fix For: 3.5.5
The Zookeeper libraries currently allow you to set up your SSL Context via
system properties such as "zookeeper.ssl.keyStore.location" in the X509Util.
This covers most simple use cases, where users have software keystores on their
harddrive.
There are, however, a few additional scenarios that this doesn't cover. Two
possible ones would be:
# The user has a hardware keystore, loaded in using PKCS11 or something
similar.
# The user has no access to the software keystore, but can retrieve an
already-constructed SSLContext from their container.
For this, I would propose that the X509Util be extended to allow a user to set
a property such as "zookeeper.ssl.client.context" to provide a class which
supplies a custom SSL context. This gives a lot more flexibility to the ZK
client, and allows the user to construct the SSLContext in whatever way they
please (which also future proofs the implementation somewhat).
I've already completed this feature, and will put in a PR soon for it.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
