JTaky commented on code in PR #27034:
URL: https://github.com/apache/flink/pull/27034#discussion_r2493511727
##########
flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java:
##########
@@ -67,13 +70,15 @@
/** Common utilities to manage SSL transport settings. */
public class SSLUtils {
+ private static final Logger LOG = LoggerFactory.getLogger(SSLUtils.class);
+
/**
* Creates a factory for SSL Server Sockets from the given configuration.
SSL Server Sockets are
* always part of internal communication.
*/
public static ServerSocketFactory
createSSLServerSocketFactory(Configuration config)
throws Exception {
- SSLContext sslContext = createInternalSSLContext(config, false);
+ SSLContext sslContext = createInternalSSLContext(config, false, false);
Review Comment:
thanks for the comment, it is really could be confusing. Added a comment to
make it a bit more explicit.
TL;DR; BlobServer uses the plain socket, there is not built-in API in java
to reload the certificates, so we went with solution to simply recreate the
server socket.
_My understanding:_ It could result in temporary unavailability of the Blob
Server, but with client retries practically it should lead to the slight
increase of the Job deployment time for clusters which relies on the SSL reload
mechanism.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
