[
https://issues.apache.org/jira/browse/FLINK-9878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16552550#comment-16552550
]
ASF GitHub Bot commented on FLINK-9878:
---------------------------------------
Github user pnowojski commented on a diff in the pull request:
https://github.com/apache/flink/pull/6355#discussion_r204326191
--- Diff:
flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java ---
@@ -163,80 +163,188 @@ public static void
setSSLVerifyHostname(Configuration sslConfig, SSLParameters s
}
/**
- * Creates the SSL Context for the client if SSL is configured.
+ * Configuration settings and key/trustmanager instances to set up an
SSL client connection.
+ */
+ public static class SSLClientConfiguration {
+ public final String sslProtocolVersion;
+ public final TrustManagerFactory trustManagerFactory;
+ public final int sessionCacheSize;
+ public final int sessionTimeoutMs;
+ public final int handshakeTimeoutMs;
+ public final int closeNotifyFlushTimeoutMs;
+
+ public SSLClientConfiguration(
+ String sslProtocolVersion,
+ TrustManagerFactory trustManagerFactory,
+ int sessionCacheSize,
+ int sessionTimeoutMs,
+ int handshakeTimeoutMs,
+ int closeNotifyFlushTimeoutMs) {
+ this.sslProtocolVersion = sslProtocolVersion;
+ this.trustManagerFactory = trustManagerFactory;
+ this.sessionCacheSize = sessionCacheSize;
+ this.sessionTimeoutMs = sessionTimeoutMs;
+ this.handshakeTimeoutMs = handshakeTimeoutMs;
+ this.closeNotifyFlushTimeoutMs =
closeNotifyFlushTimeoutMs;
+ }
+ }
+
+ /**
+ * Creates necessary helper objects to use for creating an SSL Context
for the client if SSL is
+ * configured.
*
* @param sslConfig
* The application configuration
- * @return The SSLContext object which can be used by the ssl transport
client
- * Returns null if SSL is disabled
+ * @return The SSLClientConfiguration object which can be used for
creating some SSL context object;
+ * returns <tt>null</tt> if SSL is disabled.
* @throws Exception
* Thrown if there is any misconfiguration
*/
@Nullable
- public static SSLContext createSSLClientContext(Configuration
sslConfig) throws Exception {
-
+ public static SSLClientConfiguration
createSSLClientConfiguration(Configuration sslConfig) throws Exception {
Preconditions.checkNotNull(sslConfig);
- SSLContext clientSSLContext = null;
if (getSSLEnabled(sslConfig)) {
--- End diff --
reverse if/else conditions and `Optional`
```
if (!getSSLEnabled(...)) {
return Optional.empty();
}
> IO worker threads BLOCKED on SSL Session Cache while CMS full gc
> ----------------------------------------------------------------
>
> Key: FLINK-9878
> URL: https://issues.apache.org/jira/browse/FLINK-9878
> Project: Flink
> Issue Type: Bug
> Components: Network
> Affects Versions: 1.5.0, 1.5.1, 1.6.0
> Reporter: Nico Kruber
> Assignee: Nico Kruber
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.5.2, 1.6.0
>
>
> According to https://github.com/netty/netty/issues/832, there is a JDK issue
> during garbage collection when the SSL session cache is not limited. We
> should allow the user to configure this and further (advanced) SSL parameters
> for fine-tuning to fix this and similar issues. In particular, the following
> parameters should be configurable:
> - SSL session cache size
> - SSL session timeout
> - SSL handshake timeout
> - SSL close notify flush timeout
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
