[
https://issues.apache.org/jira/browse/DRILL-5431?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16172013#comment-16172013
]
Parth Chandra commented on DRILL-5431:
--------------------------------------
[~laurentgo] I did put in the support to read from the Windows certificate
store for the C++ client, and support for the Mac Keychain and Windows
certificate store for the Java client which makes it a little more palatable
for organizations that want to have their CA at the OS level. It is not too
hard to add the hooks to make the libraries accept a trust store verifier, but
if we have the ability to read the system trust store then it may not be too
useful any more.
Re the hostname verifier, I feel that we should probably stick with the
implementations written by the professionals (i.e boost, netty), rather than
let end users write their own. Many software projects don't even do hostname
verification [http://dl.acm.org/citation.cfm?id=2382204], and many get the name
verification wrong (the RFC is hard to read).
It is probably just as easy (or hard) to add a hook to let users override
hostname verification but I'd like to get a PR out for this one, and then add
this as an enhancement.
> Support SSL
> -----------
>
> Key: DRILL-5431
> URL: https://issues.apache.org/jira/browse/DRILL-5431
> Project: Apache Drill
> Issue Type: New Feature
> Components: Client - Java, Client - ODBC
> Reporter: Sudheesh Katkam
> Assignee: Sudheesh Katkam
>
> Support SSL between Drillbit and JDBC/ODBC drivers. Drill already supports
> HTTPS for web traffic.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
