[
https://issues.apache.org/jira/browse/FLINK-32035?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thomas Weise resolved FLINK-32035.
----------------------------------
Fix Version/s: 1.18.0
Resolution: Implemented
> SQL Client should support HTTPS with built-in JDK certificates
> --------------------------------------------------------------
>
> Key: FLINK-32035
> URL: https://issues.apache.org/jira/browse/FLINK-32035
> Project: Flink
> Issue Type: Improvement
> Components: Table SQL / Client, Table SQL / Gateway
> Affects Versions: 1.17.0
> Reporter: Alexander Fedulov
> Assignee: Alexander Fedulov
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.18.0
>
>
> Related to FLINK-32030
> Internally SQL Client uses Flink’s _RestClient_ [1]. This client decides
> whether to enable SSL not on the basis of the URL schema
> ([https://|https:]...), but based on Flink configuration, namely a global
> _security.ssl.rest.enabled_ parameter [2] (which is also used for the REST
> server-side configuration ). When this parameter is set to true, it
> automatically requires user-supplied _security.ssl.rest.truststore_ and
> _security.ssl.rest.keystore_ to be configured - there is no default option to
> use certificates from JDK. After URL support for SQL Client gateway mode
> (FLINK-32030) gets added, the SQL Client should automatically use
> certificates built in into the JDK unless user-supplied trust- and keystores
> are configured.
> [1]
> [https://github.com/apache/flink/blob/5dddc0dba2be20806e67769314eecadf56b87a53/flink-table/flink-sql-client/src/main/java/org/apache/flink/table/client/gateway/ExecutorImpl.java#L359]
> [2]
> [https://github.com/apache/flink/blob/5d9e63a16f079399c6b51547284bb96db0326bdb/flink-runtime/src/main/java/org/apache/flink/runtime/rest/RestClientConfiguration.java#L103]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
