GitHub user arankin-irl reopened a pull request:
https://github.com/apache/zookeeper/pull/728
ZOOKEEPER-3160: Custom User SSLContext
This is a master branch version of:
https://github.com/apache/zookeeper/pull/654
The previous PR was for branch 3.5, and couldn't be merged as that branch
is closed for new features.
The ZooKeeper libraries currently allow you to set up your SSL Context via
system properties such as "zookeeper.ssl.keyStore.location" in the X509Util.
This covers most simple use cases, where users have software keystores on their
hard drive.
There are, however, a few additional scenarios that this doesn't cover. Two
possible ones would be:
1. The user has a hardware keystore, loaded in using PKCS11 or something
similar.
2. The user has no access to the software keystore, but can retrieve an
already-constructed SSLContext from their container.
For this, I would propose that the X509Util be extended to allow a user to
set a property "zookeeper.ssl.client.context" to provide a class which supplies
a custom SSL context. This gives a lot more flexibility to the ZK client, and
allows the user to construct the SSLContext in whatever way they please (which
also future-proofs the implementation somewhat).
I added a few simple tests to this class around setting the SSLContext, and
setting an invalid one. I'm not testing the actual functionality of the
SSLContext, etc.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/Mastercard/zookeeper ZOOKEEPER-3160
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zookeeper/pull/728.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #728
----
commit 7ae74851b8e14bcae80d4eaa1141e076e3953fa6
Author: Alex Rankin <davelister@...>
Date: 2018-12-03T10:27:35Z
Merge pull request #4 from apache/master
Master Merge
commit 400839a60ff3bd5a4af60710fbd07ce4ae5601a0
Author: Alex Rankin <davelister@...>
Date: 2018-12-03T11:12:19Z
Adding ability to specify custom SSLContext for client
----
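
Added example, not code from this pull request: a class that could be named in "zookeeper.ssl.client.context" for the hardware-keystore scenario, with a resolver that rejects an invalid class. The Supplier<SSLContext> contract, the class name, the ZK_TOKEN_PIN variable and the resolve() helper are assumptions, since the message does not show the interface the patch expects.

```java
import java.security.KeyStore;
import java.util.function.Supplier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class; the Supplier<SSLContext> contract is an assumption.
public class Pkcs11SslContextSupplier implements Supplier<SSLContext> {
    @Override
    public SSLContext get() {
        String pin = System.getenv("ZK_TOKEN_PIN"); // hypothetical variable name
        if (pin == null) {
            throw new IllegalStateException("ZK_TOKEN_PIN is not set");
        }
        try {
            // Resolves only if a PKCS#11 provider (e.g. SunPKCS11) is configured in the JVM.
            KeyStore ks = KeyStore.getInstance("PKCS11");
            ks.load(null, pin.toCharArray()); // no file stream: the PIN logs in to the token
            KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, null);
            // The custom context owns every trust decision: here the JVM default
            // trust anchors; an ensemble with a private CA needs its own truststore.
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            return ctx;
        } catch (Exception e) {
            throw new IllegalStateException("cannot build SSLContext from PKCS#11 token", e);
        }
    }

    // Assumed resolution logic: fail closed when the property names a bad class.
    static SSLContext resolve() throws ReflectiveOperationException {
        String name = System.getProperty("zookeeper.ssl.client.context");
        Object o = Class.forName(name).getDeclaredConstructor().newInstance();
        Object ctx = (o instanceof Supplier) ? ((Supplier<?>) o).get() : null;
        if (!(ctx instanceof SSLContext)) {
            throw new IllegalArgumentException(name + " does not supply an SSLContext");
        }
        return (SSLContext) ctx;
    }

    public static void main(String[] args) throws Exception {
        System.setProperty("zookeeper.ssl.client.context",
            Pkcs11SslContextSupplier.class.getName());
        System.out.println("protocol: " + resolve().getProtocol());
    }
}
```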