waitinfuture commented on code in PR #2469:
URL: https://github.com/apache/celeborn/pull/2469#discussion_r1573228448
##########
common/src/main/java/org/apache/celeborn/common/network/ssl/SSLFactory.java:
##########
@@ -85,6 +96,28 @@ private void initJdkSslContext(final Builder b) throws
IOException, GeneralSecur
this.jdkSslContext = createSSLContext(requestedProtocol, keyManagers,
trustManagers);
}
+ /*
+ * As b.trustStore is null, credulousTrustStoreManagers will be used - and
so all
+ * certs will be accepted - and hence self-signed cert from lifecycle
manager will
+ * be accepted at executors: nothing else needs to be done to enable its
+ * use - other than generation of the certificate itself, which is what gets
done here.
+ */
+ private void configureAutoSsl(Builder b) {
+ // The keystore creation ideally be done only at Lifecycle manager, and
not in executors
+ // It does not cause issues to run it at executors, though it is not
necessary.
+ // How can be identify this scenario and ensure this is not invoked at
executors ?
Review Comment:
Maybe one possible way is to further split `RPC_APP_MODULE` to
`RPC_LIFECYCLEMANAGER_MODULE` and `RPC_CLIENT_MODULE`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
