Keith Turner created ACCUMULO-1729:
--------------------------------------
Summary: ThriftTransport pool does not include ssl options in
cache key
Key: ACCUMULO-1729
URL: https://issues.apache.org/jira/browse/ACCUMULO-1729
Project: Accumulo
Issue Type: Sub-task
Reporter: Keith Turner
This ticket was created based on the following
[comment|https://issues.apache.org/jira/browse/ACCUMULO-1009?focusedCommentId=13772055&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13772055]
from [~mberman] in ACCUMULO-1009. I copied the comment in case the link
comment stops working.
{quote}
Multiple ZooKeeperInstances in the same java process with different SSL config
(is this possible? It looks like you included ssl options in the Key in
ThriftTransportPool?) This could happen if a single process connected to
multiple Accumulo instances
{quote}
Generally this should be fine. The cached transports are keyed on (location,
timeout, sslEnabled), so if you're connecting to multiple instances from the
same process, they should have different locations anyway, so the different SSL
settings will be segregated. One potential area for concern is that I'm only
using the sslEnabled flag, not the full set of SSL parameters, so if you have
connected successfully with some cert, and then in the same process you try to
connect with a different cert, you could get a cached, connected transport,
even though you might not otherwise trust the remote server (or you might have
an invalid client cert, if that's turned on). It seemed to me like this risk
was pretty minimal, since you're already in the same process, but if others
think it's too big a risk, it would be easy to add all the SSL params to the
key.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
