[jira] [Updated] (ACCUMULO-1009) Support encryption over the wire

Fri, 04 Oct 2013 09:10:37 -0700 

     [ 
https://issues.apache.org/jira/browse/ACCUMULO-1009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Berman updated ACCUMULO-1009:
-------------------------------------

    Attachment: ACCUMULO-1009_thriftSsl-2013-10-4.patch

Ok, in an effort to unblock this changeset from the provisioning issue (which 
I'll file as a separate issue), I've attached a new patch where CertUtils is 
pulled out of server and minicluster has no capability to generate its own 
certs.

I know [~ctubbsii] wants to switch to using keytool-maven-plugin for the 
provisioning in our integration tests, but it doesn't actually support cert 
generation without JDK 1.7, and my understanding is that we want to stay 1.6 
compatible for the time being.  (It's also not clear that it supports 
generating self-signed certs without external tools even then.)  So, for now, I 
just moved CertUtils (and the corresponding bouncycastle deps) into a test-only 
scope.

I've also included an \@Ignored test of our support for SSL config through JSSE 
system properties, however, at the moment it appears that setting JSSE system 
properties breaks ZK connections.  This seems likely to be related to 
ZOOKEEPER-1554, but I'll do some more investigation and comment over there.  
So, I know [~ctubbsii] was pretty insistent that we support JSSE config, but 
should we include it even though we know it won't work, in anticipation of the 
ZK issues getting resolved in the future, or should we pull the support 
completely until there's a chance of it actually working?

> Support encryption over the wire
> --------------------------------
>
>                 Key: ACCUMULO-1009
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1009
>             Project: Accumulo
>          Issue Type: New Feature
>            Reporter: Keith Turner
>            Assignee: Michael Berman
>             Fix For: 1.6.0
>
>         Attachments: ACCUMULO-1009_thriftSsl-2013-10-4.patch, 
> ACCUMULO-1009_thriftSsl.patch
>
>
> Need to support encryption between ACCUMULO clients and servers.  Also need 
> to encrypt communications between server and servers.   
> Basically need to make it possible for users to enable SSL+thrift.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to