István Fajth created HDDS-8963:
----------------------------------
Summary: Clean in memory certificates once they expired/renewed/revoked
Key: HDDS-8963
URL: https://issues.apache.org/jira/browse/HDDS-8963
Project: Apache Ozone
Issue Type: Sub-task
Reporter: István Fajth
Currently certificate rotation removes the old certificates/keys from the disks
once they have been renewed.
The in-memory state though remembers the old certificates, and should be
cleaned up. In order to do so we probably would want to have revocation
support, and then the renew can revoke the old certificates, and the revocation
handling can clean up the in-memory state. There might be other solutions to
explore as part of the renewal itself as well, but at that point it is unclear
if there are any references being held by the underlying SSL implementation in
channels that are already open, so that seems to be a more complex approach.
After revocation the underlying SSL implementation also is notified that the
certificate is not valid anymore.