Ammar Master created FLINK-35371:
------------------------------------

             Summary: Allow the keystore and truststore type to be configured 
for SSL
                 Key: FLINK-35371
                 URL: https://issues.apache.org/jira/browse/FLINK-35371
             Project: Flink
          Issue Type: Improvement
          Components: Runtime / Network
            Reporter: Ammar Master


Flink always creates a keystore and truststore using the [default 
type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
 defined in the JDK, which in most cases is JKS. We should add other 
configuration options to set the type explicitly to support other custom 
formats, and match the options provided by other applications such as 
[Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
 and 
[Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
 already. The default would continue to be specified by the JDK.

 

The SSLContext for the REST API can read the configuration option directly, and 
we need to add extra logic to the 
[CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
 for Pekko.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
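
The behaviour requested in the issue, sketched as an added example (not Flink code and not from the reporter): a store is loaded with an explicitly configured type, and the JDK default is used when none is set. The names `loadStore` and `configuredType` are hypothetical, and the sample store and password are constructed for the demonstration.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;

public class ConfigurableStoreType {

    // configuredType stands for a hypothetical configuration value; null or empty
    // means "not set", which keeps the existing behaviour (JDK default type).
    static KeyStore loadStore(Path file, char[] password, String configuredType) throws Exception {
        String type = (configuredType == null || configuredType.trim().isEmpty())
                ? KeyStore.getDefaultType()
                : configuredType.trim();
        KeyStore store;
        try {
            store = KeyStore.getInstance(type);
        } catch (KeyStoreException e) {
            // No installed security provider offers this type: fail with a clear message.
            throw new IllegalArgumentException("Unsupported keystore type: " + type, e);
        }
        try (InputStream in = Files.newInputStream(file)) {
            store.load(in, password);
        }
        return store;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // constructed sample password
        Path file = Files.createTempFile("sample-truststore", ".p12");
        // Constructed sample input: an empty PKCS12 store written to a temp file.
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, password);
        try (OutputStream out = Files.newOutputStream(file)) {
            empty.store(out, password);
        }
        try {
            System.out.println("explicit type: " + loadStore(file, password, "PKCS12").getType());
            System.out.println("default type:  " + loadStore(file, password, null).getType());
            loadStore(file, password, "NO-SUCH-TYPE"); // misconfigured type
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        } finally {
            Files.delete(file);
        }
    }
}
```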