HTHou opened a new pull request, #18026: URL: https://github.com/apache/iotdb/pull/18026
## Summary - Add `thrift_ssl_client_auth` to require client certificates for Thrift SSL connections without reusing REST `client_auth`. - Add optional client keystore support for Java Session, SessionPool, table session builders, JDBC, CLI, and import/export tools. - Extend integration-test SSL helpers and add `IoTDBClientMutualSSLIT` coverage for mTLS client paths. ## Notes The server-side keystore/truststore paths remain the shared existing SSL settings. The new option only controls whether the Thrift SSL server requires client certificate authentication. ## Validation - `mvn spotless:apply -pl iotdb-client/service-rpc,iotdb-client/session,iotdb-client/jdbc,iotdb-client/cli,iotdb-core/node-commons,iotdb-core/datanode` - `mvn spotless:apply -pl integration-test -P with-integration-tests` - `mvn compile -pl iotdb-client/service-rpc,iotdb-client/session,iotdb-client/jdbc,iotdb-client/cli,iotdb-core/node-commons` - `mvn test -pl iotdb-client/jdbc -Dtest=UtilsTest` - `git diff --check` `mvn compile -pl iotdb-core/node-commons,iotdb-core/datanode` is currently blocked by existing generated parser compile errors in `ASTVisitor.java` for `MAX_SCHEMA_REGION_GROUP_NUM()` and `MAX_DATA_REGION_GROUP_NUM()`. `IoTDBClientMutualSSLIT` compiles and runs when current client modules are in the reactor; positive mTLS client cases pass, but the negative server-side enforcement case requires a locally built server containing this PR's DataNode changes. The local DataNode build is blocked by the parser issue above. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
