HTHou opened a new pull request, #18026:
URL: https://github.com/apache/iotdb/pull/18026

   ## Summary
   
   - Add `thrift_ssl_client_auth` to require client certificates for Thrift SSL 
connections without reusing REST `client_auth`.
   - Add optional client keystore support for Java Session, SessionPool, table 
session builders, JDBC, CLI, and import/export tools.
   - Extend integration-test SSL helpers and add `IoTDBClientMutualSSLIT` 
coverage for mTLS client paths.
   
   ## Notes
   
   The server-side keystore/truststore paths remain the shared existing SSL 
settings. The new option only controls whether the Thrift SSL server requires 
client certificate authentication.
   
   ## Validation
   
   - `mvn spotless:apply -pl 
iotdb-client/service-rpc,iotdb-client/session,iotdb-client/jdbc,iotdb-client/cli,iotdb-core/node-commons,iotdb-core/datanode`
   - `mvn spotless:apply -pl integration-test -P with-integration-tests`
   - `mvn compile -pl 
iotdb-client/service-rpc,iotdb-client/session,iotdb-client/jdbc,iotdb-client/cli,iotdb-core/node-commons`
   - `mvn test -pl iotdb-client/jdbc -Dtest=UtilsTest`
   - `git diff --check`
   
   `mvn compile -pl iotdb-core/node-commons,iotdb-core/datanode` is currently 
blocked by existing generated parser compile errors in `ASTVisitor.java` for 
`MAX_SCHEMA_REGION_GROUP_NUM()` and `MAX_DATA_REGION_GROUP_NUM()`.
   
   `IoTDBClientMutualSSLIT` compiles and runs when current client modules are 
in the reactor; positive mTLS client cases pass, but the negative server-side 
enforcement case requires a locally built server containing this PR's DataNode 
changes. The local DataNode build is blocked by the parser issue above.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to