[GitHub] [flink-statefun] sjwiesman commented on a change in pull request #276: [FLINK-24534] Use the async transport if transport is not specified.

Sat, 16 Oct 2021 17:44:43 -0700 


sjwiesman commented on a change in pull request #276:
URL: https://github.com/apache/flink-statefun/pull/276#discussion_r729895780



##########
File path: 
statefun-flink/statefun-flink-core/src/main/java/org/apache/flink/statefun/flink/core/nettyclient/NettyClient.java
##########
@@ -94,6 +91,24 @@ public static NettyClient from(
     return new NettyClient(shared, eventLoop, pool, endpoint, headers, 
totalRequestBudgetInNanos);
   }
 
+  private static SslContext sslContext(
+      NettySharedResources shared, NettyRequestReplySpec spec, Endpoint 
endpoint) {
+    if (!endpoint.useTls()) {
+      return null;
+    }
+    if (spec.trustStorePath.isEmpty()) {
+      return shared.sslContext();
+    }
+    SslContextBuilder builder = SslContextBuilder.forClient();
+    try {
+      File trustCertCollectionFile = new File(spec.trustStorePath);
+      builder.trustManager(trustCertCollectionFile);
+      return builder.build();
+    } catch (SSLException e) {
+      throw new IllegalStateException("Unable to setup an SSL context.");
+    }
+  }

Review comment:
       Because I can look into my crystal ball and see the ML questions already 
from people who mistyped the path to their trust store ....
   
   ```suggestion
     private static SslContext sslContext(
         NettySharedResources shared, NettyRequestReplySpec spec, Endpoint 
endpoint) {
       if (!endpoint.useTls()) {
         return null;
       }
   
       if (spec.trustStorePath.isEmpty()) {
         return shared.sslContext();
       }
   
       File trustCertCollectionFile = new File(spec.trustStorePath);
       if (!trustCertCollectionFile.exists()) {
         throw new IllegalStateException(
             String.format(
                 "Unable to setup an SSL context, invalid path `%s`."
                     + "Please ensure the trust store file exists and is 
mounted locally on each TaskManager.",
                 spec.trustStorePath));
       }
   
       SslContextBuilder builder = SslContextBuilder.forClient();
       try {
         builder.trustManager(trustCertCollectionFile);
         return builder.build();
       } catch (SSLException e) {
         throw new IllegalStateException("Unable to setup an SSL context.", e);
       }
     }
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to