ChenSammi commented on code in PR #4493:
URL: https://github.com/apache/ozone/pull/4493#discussion_r1161478933


##########
hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMSecurityProtocolServer.java:
##########
@@ -225,9 +214,9 @@ public String getSCMCertificate(ScmNodeDetailsProto 
scmNodeDetails,
   private String getEncodedCertToString(String certSignReq, NodeType nodeType)
       throws IOException {
     Future<CertPath> future;
-    if (nodeType == NodeType.SCM) {
+    if (nodeType == NodeType.SCM && rootCertificateServer != null) {
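
Review bot: The changed condition `nodeType == NodeType.SCM && rootCertificateServer != null` makes an SCM request fall through to the other branch whenever `rootCertificateServer` is null, and nothing at this site says that the fallthrough is intended. Add a short comment above the `if` stating which signer handles SCM requests in that case, and consider logging which CA was selected, so that a root CA server missing through misconfiguration can be told apart from the intended fallback. The branch that follows is not visible in this hunk, so it is worth confirming that it is safe for `NodeType.SCM` requests.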

Review Comment:
   @neils-dev, the basic idea is to remove the limitation that only rootCA can 
sign other SCM sub-CA certificates. The new proposal is that the SCM leader will 
sign other SCMs. The rootCertificateServer null check here is a kind of 
optimization. If the SCM leader also has the rootCA certificate, then use the 
rootCA certificate to sign the cert request; otherwise, use the leader SCM's 
sub-CA to sign it.


