I actually think there might be other issues with this boolean, though... like the fact that we assume if not everything is set, then we didn't want HTTPS. However, I think we should check if *any* item is non-empty, and if if any is non-empty, then assume we do want HTTPS, and then check that we have everything else we need and fail if we don't rather than fall back to insecure HTTP.
If we change that logic a bit, then it might make sense to consider the passphrases optional (but I'd still recommend to set them). Another problem I noticed... I'm not sure we're checking for CLIENT_AUTH... we should be able to set that to lock down the monitor to only trusted users. Maybe I just didn't see it... I thought it was there, but I could be wrong. [ Full content available at: https://github.com/apache/accumulo/pull/646 ] This message was relayed via gitbox.apache.org for [email protected]
