[jira] [Commented] (KAFKA-8190) Keystore update without file change doesn't update SSLContext

Thu, 04 Apr 2019 15:02:22 -0700 


    [ 
https://issues.apache.org/jira/browse/KAFKA-8190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16810332#comment-16810332
 ] 

ASF GitHub Bot commented on KAFKA-8190:
---------------------------------------

rajinisivaram commented on pull request #6539: KAFKA-8190; Don't update 
keystore modification time during validation
URL: https://github.com/apache/kafka/pull/6539
 
 
   We currently store keystore file modification time when loading keystores in 
a `SecurityStore` instance. When dynamically updating keystores without 
filename change, we compare the time at the last load against the current file 
modification time. But we load keystore for validation of dynamic configs and 
as a result, we dont recreate SSLContext when performing actual reconfiguration 
after the validation. We always create a new `SecurityStore` instance for 
reconfiguration of the store, so we only need to store file modification time 
when we construct the instance.
   
   ### Committer Checklist (excluded from commit message)
   - [ ] Verify design and implementation
   - [ ] Verify test coverage and CI build status
   - [ ] Verify documentation (including upgrade notes)
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Keystore update without file change doesn't update SSLContext
> -------------------------------------------------------------
>
>                 Key: KAFKA-8190
>                 URL: https://issues.apache.org/jira/browse/KAFKA-8190
>             Project: Kafka
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.1.0, 2.2.0, 2.1.1
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Major
>             Fix For: 2.1.2, 2.2.1
>
>
> We reload SSL keystores and truststores on a dynamic config update on the 
> broker if one of the configs has changed or if the file modification time has 
> changed. For update without config change, we compare the modification time 
> at the last load with the current modification time of the file. But we load 
> the file for validation of dynamic configs and when reconfiguring we compare 
> the time updated during validation with file modification time. As a result 
> SSLContext is not updated.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to