[jira] [Work logged] (HIVE-24253) HMS and HS2 needs to support keystore/truststores types besides JKS by config

Wed, 14 Oct 2020 19:46:11 -0700 


     [ 
https://issues.apache.org/jira/browse/HIVE-24253?focusedWorklogId=500929&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-500929
 ]

ASF GitHub Bot logged work on HIVE-24253:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 15/Oct/20 02:45
            Start Date: 15/Oct/20 02:45
    Worklog Time Spent: 10m 
      Work Description: yongzhi commented on a change in pull request #1580:
URL: https://github.com/apache/hive/pull/1580#discussion_r505131640



##########
File path: 
service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java
##########
@@ -136,6 +136,12 @@ public void onClosed(Connection connection) {
               ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PATH.varname 
               + " Not configured for SSL connection");
         }
+        String keyStoreType = 
hiveConf.getVar(ConfVars.HIVE_SERVER2_SSL_KEYSTORE_TYPE).trim();
+        if (keyStoreType.isEmpty()) {
+          keyStoreType = KeyStore.getDefaultType();
+        }
+        String keyStoreAlgorithm = 
hiveConf.getVar(ConfVars.HIVE_SERVER2_SSL_KEYSTORE_ALGORITHM).trim();

Review comment:
       For the MetastoreConf changes in testing because the previous HiveConf 
metastore related properties are all deprecated, I just switch to the 
corresponding properties in MetastoreConf




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 500929)
    Time Spent: 40m  (was: 0.5h)

> HMS and HS2 needs to support keystore/truststores types besides JKS by config
> -----------------------------------------------------------------------------
>
>                 Key: HIVE-24253
>                 URL: https://issues.apache.org/jira/browse/HIVE-24253
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2, Standalone Metastore
>            Reporter: Yongzhi Chen
>            Assignee: Yongzhi Chen
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> When HiveMetaStoreClient connects to HMS with enabled SSL, HMS should support 
> the Keystore type configurable and default to keystore type specified for the 
> JDK and not always use JKS. Same as HIVE-23958 for hive, HMS should support 
> to set additional keystore/truststore types used for different applications 
> like for FIPS crypto algorithms.
> Also, make hive keystore type and algorithm configurable.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to