# [[FLINK-10371]: Allow to enable SSL mutual authentication on REST endpoints by configuration](https://issues.apache.org/jira/browse/FLINK-10371)
## What is the purpose of the change

This PR adds a config option to enable SSL mutual authentication on the REST endpoints and clients. By default mutual authentication is disabled, so the default behaviour does not change. If `security.ssl.rest.authentication-enabled` is set to `true`, mutual authentication will be enabled and both the `rest.trustore` as well as the `rest.keystore` will be used for the REST endpoint and clients. This is equivalent to the mutual authentication on the internal communication.

## Brief change log

- *Introduce `security.ssl.rest.authentication-enabled` to enable mutual authentication for REST*

## Verifying this change

This change added tests and can be verified as follows:

- *Extended SSLUtil tests to ensure the config option is interpreted correctly*
- *Extended the REST endpoint integration tests to run with mutual auth enabled*
- *Added an integration test to validate that the connection is denied if the client uses an untrusted certificate*

## Does this pull request potentially affect one of the following parts:

- Dependencies (does it add or upgrade a dependency): no
- The public API, i.e., is any changed class annotated with `@Public(Evolving)`: no
- The serializers: no
- The runtime per-record code paths (performance sensitive): don't know
- Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Yarn/Mesos, ZooKeeper: yes
- The S3 file system connector: no

## Documentation

- Does this pull request introduce a new feature? yes
- If yes, how is the feature documented? docs

[ Full content available at: https://github.com/apache/flink/pull/6727 ]

This message was relayed via gitbox.apache.org for [email protected]
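A configuration check for the option described in this PR, as an added example that is not part of the pull request or of Flink's code base: it classifies the REST endpoint's TLS posture from a flat `key: value` `flink-conf.yaml` and flags a mutual-auth setup that lacks a keystore or truststore. It assumes the REST-specific keys `security.ssl.rest.enabled`, `security.ssl.rest.keystore` and `security.ssl.rest.truststore` and does not consider the generic `security.ssl.*` fallbacks; the function names, the file paths and the sample config are constructed for illustration.

```python
# Added example, not Flink code: classify the REST TLS posture of a flink-conf.yaml.
REST_ENABLED = "security.ssl.rest.enabled"
REST_MUTUAL = "security.ssl.rest.authentication-enabled"  # option added by this PR
REST_KEYSTORE = "security.ssl.rest.keystore"
REST_TRUSTSTORE = "security.ssl.rest.truststore"

# Constructed sample: mutual auth requested, but no truststore configured.
SAMPLE_CONF = """\
security.ssl.rest.enabled: true
security.ssl.rest.authentication-enabled: true   # require client certificates
security.ssl.rest.keystore: /etc/flink/rest.keystore
"""


def parse_flink_conf(text):
    """Parse flat 'key: value' lines, ignoring blanks and '#' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip()] = value.strip().strip("'\"")
    return conf


def is_true(conf, key):
    """Treat a missing key as false, matching the PR's stated default."""
    return conf.get(key, "false").lower() == "true"


def audit_rest_tls(conf):
    """Return (posture, findings) for the REST endpoint."""
    findings = []
    if not is_true(conf, REST_ENABLED):
        if is_true(conf, REST_MUTUAL):
            findings.append(f"{REST_MUTUAL} is set but {REST_ENABLED} is not true")
        return "plaintext", findings
    if not is_true(conf, REST_MUTUAL):
        # TLS protects the channel, but any client may connect.
        findings.append("clients are not authenticated by certificate")
        return "server-auth-only", findings
    for key in (REST_KEYSTORE, REST_TRUSTSTORE):
        if not conf.get(key):
            findings.append(f"mutual auth enabled but {key} is unset")
    return "mutual-auth", findings
```

Calling `audit_rest_tls(parse_flink_conf(SAMPLE_CONF))` reports the missing truststore for the constructed sample.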
