[GitHub] [flink] NicoK opened a new pull request #8767: [FLINK-12871][docs] fix separate keypass not compatible with PKCS12 stores

Mon, 17 Jun 2019 06:50:53 -0700 

NicoK opened a new pull request #8767: [FLINK-12871][docs] fix separate keypass 
not compatible with PKCS12 stores
URL: https://github.com/apache/flink/pull/8767
 
 
   ## What is the purpose of the change
   
   The SSL setup examples were updated to rely on PKCS12 format in 
6f9aa832f85447e38e265d413aff829daadcecc4 (instead of the old JKS keystore) but 
PKCS12 does not support separate passwords for the key store and the key itself.
   
   ```
   Warning:  Different store and key passwords not supported for PKCS12 
KeyStores. Ignoring user-specified -keypass value.
   ```
   
   Also, some of the examples still rely on the old JKS keystore and are not 
using PKCS12 yet.
   
   Once approved, this PR should also make it into the 1.7 and 1.8 docs.
   
   ## Brief change log
   
   - remove separate `keypass` entries from the examples
   - add PKCS12 format to the internal key (store) generation
   
   ## Verifying this change
   
   This change is a trivial rework / code cleanup without any test coverage. I 
manually tested the following variants:
   - internal with PKCS12
   - internal with JKS keystore
   - self-signed REST, PKCS12
   - self-signed REST, JKS keystore
   - REST with CA, PKCS12
   - REST with CA, JKS keystore
   
   ## Does this pull request potentially affect one of the following parts:
   
     - Dependencies (does it add or upgrade a dependency): **no**
     - The public API, i.e., is any changed class annotated with 
`@Public(Evolving)`: **no**
     - The serializers: **no**
     - The runtime per-record code paths (performance sensitive): **no**
     - Anything that affects deployment or recovery: JobManager (and its 
components), Checkpointing, Yarn/Mesos, ZooKeeper: **no**
     - The S3 file system connector: **no**
   
   ## Documentation
   
     - Does this pull request introduce a new feature? **no**
     - If yes, how is the feature documented? **not applicable**
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to