skhandrikagmail commented on a change in pull request #33301:
URL: https://github.com/apache/spark/pull/33301#discussion_r668821053
##########
File path: core/src/main/scala/org/apache/spark/SSLOptions.scala
##########
@@ -78,6 +78,12 @@ private[spark] case class SSLOptions(
trustStore.foreach(file =>
sslContextFactory.setTrustStorePath(file.getAbsolutePath))
trustStorePassword.foreach(sslContextFactory.setTrustStorePassword)
trustStoreType.foreach(sslContextFactory.setTrustStoreType)
+ /*
+ * Need to pass needClientAuth flag to jetty for Jetty server to
authenticate
+ * client certificates. This would help enable mTLS authentication.
+ */
+ sslContextFactory.setNeedClientAuth(needClientAuth)
Review comment:
As we are specifically passing on this flag to Jetty's SSLConfigFactory,
I do not see any issues.
This flag's default value is false hence will not take effect until
explicitly set.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
