mridulm commented on code in PR #43240:
URL: https://github.com/apache/spark/pull/43240#discussion_r1375832463
##########
docs/security.md:
##########
@@ -563,7 +604,52 @@ replaced with one of the above namespaces.
<tr>
<td><code>${ns}.trustStoreType</code></td>
<td>JKS</td>
- <td>The type of the trust store.</td>
+ <td>The type of the trust store. This setting is not applicable to the
`rpc` namespace.</td>
+ </tr>
+ <tr>
+ <td><code>${ns}.openSSLEnabled</code></td>
+ <td>false</td>
+ <td>
+ Whether to use OpenSSL for cryptographic operations instead of the JDK
SSL provider.
+ This setting is only applicable to the `rpc` namespace, and also
requires the `certChain`
+ and `privateKey` settings to be set.
Review Comment:
Call out that this takes precedence over JKS, and that unavailability of
openssl at runtime will cause spark to fall back to jks ?
QQ: Would be interesting to see what would happen in case jks and openssl
configs are not 'compatible' (if jks was being specified for UI) - how spark
behaves: perhaps we should disable that fallback ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
