HTHou commented on PR #18130:
URL: https://github.com/apache/iotdb/pull/18130#issuecomment-4900918774

   One more API/UX note about the new `trustStore` / `keyStore` naming:
   
   It is reasonable to align the C++ Session API with the Java Session API, but 
in the C/C++ ecosystem this naming can be ambiguous. Some C/C++ clients use 
similar names, but often with different semantics. For example, Paho MQTT C has 
`trustStore` / `keyStore` fields but they point to PEM files, while librdkafka 
supports a PKCS#12 `ssl.keystore.location` for client authentication but still 
uses CA-style options such as `ssl.ca.location` / `ssl.ca.pem` for server 
trust. Many C++ APIs instead expose OpenSSL-style inputs directly (`ca/root 
certs`, `cert chain`, `private key`).
   
   So if this PR keeps the Java-style names, please make the boundary explicit 
in docs and errors: JKS is not supported by the C++ client; `.p12` / `.pfx` 
means PKCS#12, and PEM trust files are only supported through the 
legacy/path-style option. It may also be useful to keep or add OpenSSL-style 
configuration names (`caFile`, `certFile`, `keyFile`, etc.) so native C++ users 
do not have to think in Java keystore terms when they already have PEM material.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to