[jira] [Commented] (GEODE-9017) Reload key store and trust store upon change

Mon, 22 Mar 2021 13:14:07 -0700 


    [ 
https://issues.apache.org/jira/browse/GEODE-9017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17306544#comment-17306544
 ] 

ASF subversion and git services commented on GEODE-9017:
--------------------------------------------------------

Commit 84b2ff300b2e98e6600da26863be49bf0182c33e in geode's branch 
refs/heads/develop from Aaron Lindsey
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=84b2ff3 ]

GEODE-9017: Reload key and trust store upon change

Reload the KeyManager and TrustManager in the SSLContext when the
corresponding key store files are modified on disk.

> Reload key store and trust store upon change
> --------------------------------------------
>
>                 Key: GEODE-9017
>                 URL: https://issues.apache.org/jira/browse/GEODE-9017
>             Project: Geode
>          Issue Type: New Feature
>            Reporter: Aaron Lindsey
>            Assignee: Aaron Lindsey
>            Priority: Major
>              Labels: pull-request-available
>
> [Link to 
> RFC|https://cwiki.apache.org/confluence/display/GEODE/Make+key+and+trust+stores+reload+automatically+upon+change]
> (The below text is copied from the RFC document.)
> h3. Problem
> Currently, in order to rotate certificates each member of the cluster needs 
> to be restarted to load new certs and trust. It would be preferable if 
> certificates can be rotated without having to restart members.
> h3. Solution
> When starting up a cluster member we currently read the TLS configuration 
> which, when TLS is enabled has key and trust store files defined. In case 
> those files are defined they are read, and the information inside them is 
> loaded into the key and trust manager objects that are loaded into the 
> SSLContext.
> This solution will introduce wrapper objects for the key and trust managers 
> and file/directory watcher(s) that can detect changes to the key and trust 
> store files. When key and trust store files are changed this will trigger a 
> reload into key and trust managers and through the wrapper objects these new 
> key and trust managers will be injected into the SSLContext so that the 
> context can start using the new key and trust managers in process.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to