[
https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16138636#comment-16138636
]
ASF GitHub Bot commented on IGNITE-6168:
----------------------------------------
GitHub user alamar opened a pull request:
https://github.com/apache/ignite/pull/2505
IGNITE-6168 Need SSL client authentication during discovery
Otherwise when certificates mismatch, discovery succeeds but communication
fails, leading to a livelock.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/alamar/ignite ignite-6168
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/ignite/pull/2505.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2505
----
commit 8852328e0a514f3dc625cfc76f96aa280190e96d
Author: Ilya Kasnacheev <[email protected]>
Date: 2017-08-23T16:53:41Z
IGNITE-6168 Need SSL client authentication during discovery
----
> Ability to use TLS client authentication in the TcpDiscoverySpi
> ---------------------------------------------------------------
>
> Key: IGNITE-6168
> URL: https://issues.apache.org/jira/browse/IGNITE-6168
> Project: Ignite
> Issue Type: Wish
> Affects Versions: 2.1
> Reporter: Jens Borgland
> Assignee: Ilya Kasnacheev
>
> I'm working on an application where we use mutual TLS to protect the
> communication (of different kinds) between the components. It seems like
> Ignite uses mutual TLS for the TcpCommunicationSpi but not for the
> TcpDiscoverySpi. Would it be possible to add this ability (one way could
> perhaps be by implementing IGNITE-6167 so that it can be done through a
> custom socket factory)?
> I'm aware that there are other client authentication options for the
> discovery SPI but it would be nice to be able to use the same mechanism
> everywhere.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
