li4wang opened a new pull request, #1884: URL: https://github.com/apache/zookeeper/pull/1884
ZooKeeper currently has support for reloading the Quorum Truststore & Keystore automatically when the certificate files change in the filesystem, without a server restart (https://github.com/apache/zookeeper/pull/680). However, reloading of the key and trust store for **ClientX509Util** is not present; i.e., the certs the server presents to the clients will not get reloaded automatically if the certificates in the filesystem change, and short-lived certs require a process restart.

Changes:

- A new config property "zookeeper.client.certReload" is added; if it's true, ClientX509Util is reloaded automatically.
- ZK uses an _X509AuthenticationProvider_ which is backed by an X509TrustManager and an X509KeyManager to perform _remote host certificate authentication_. We need to update the X509AuthenticationProvider's TrustStore as part of the X509Util file-watcher.
- JUnit test case to verify the cert reload.

Author: Manu Mathew <manu.mat...@netapp.com>
Author: mathewmanu <manmat...@cs.stonybrook.edu>
Author: Manu Mathew <101424654+mathew-m...@users.noreply.github.com>

Reviewers: Enrico Olivelli <eolive...@apache.org>, Mate Szalay-Beko <sy...@apache.org>

Closes #1839 from mathew-manu/ZOOKEEPER-3806
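
The file-watcher reload this description outlines, sketched as an added example (not code from the pull request or from ZooKeeper): a trust store is watched for changes, the `SSLContext` is swapped atomically, and the last good context is kept when the new file fails to load. The class name `ReloadingTrustStore`, its methods, the PKCS12 store type and the command-line arguments are assumptions made for the illustration.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.*;
import static java.nio.file.StandardWatchEventKinds.*;

// Added illustration, not ZooKeeper code; all names here are hypothetical.
public class ReloadingTrustStore {
    private final Path file;
    private final char[] password;
    private final AtomicReference<SSLContext> current = new AtomicReference<>();

    public ReloadingTrustStore(Path file, char[] password) throws Exception {
        this.file = file.toAbsolutePath();
        this.password = password;
        current.set(load()); // fail fast at startup if the store is unreadable
    }

    // Each new connection asks for the context, so it sees the latest good one.
    public SSLContext context() { return current.get(); }

    private SSLContext load() throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file)) { ks.load(in, password); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Blocks; run on a daemon thread. WatchService registers directories, so the parent is watched.
    public void watch() throws Exception {
        try (WatchService ws = FileSystems.getDefault().newWatchService()) {
            file.getParent().register(ws, ENTRY_CREATE, ENTRY_MODIFY);
            for (WatchKey key = ws.take(); ; key = ws.take()) {
                for (WatchEvent<?> ev : key.pollEvents()) {
                    if (!file.getFileName().equals(ev.context())) continue;
                    try { current.set(load()); } // swap only after a full, successful parse
                    catch (Exception e) { System.err.println("reload failed, keeping last good: " + e); }
                }
                if (!key.reset()) break; // directory no longer accessible
            }
        }
    }

    public static void main(String[] a) throws Exception { // a[0]=PKCS12 path, a[1]=password (demo only)
        new ReloadingTrustStore(Paths.get(a[0]), a[1].toCharArray()).watch();
    }
}
```

Connections already established keep the context they were created with; only connections that call `context()` after the swap use the rotated trust anchors.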