hasnain-db commented on code in PR #43240:
URL: https://github.com/apache/spark/pull/43240#discussion_r1385259389
##########
docs/security.md:
##########
@@ -563,7 +604,52 @@ replaced with one of the above namespaces.
<tr>
<td><code>${ns}.trustStoreType</code></td>
<td>JKS</td>
- <td>The type of the trust store.</td>
+ <td>The type of the trust store. This setting is not applicable to the
`rpc` namespace.</td>
+ </tr>
+ <tr>
+ <td><code>${ns}.openSSLEnabled</code></td>
+ <td>false</td>
+ <td>
+ Whether to use OpenSSL for cryptographic operations instead of the JDK
SSL provider.
+ This setting is only applicable to the `rpc` namespace, and also
requires the `certChain`
+ and `privateKey` settings to be set.
Review Comment:
@mridulm I might be missing something. We clearly document two things that I
believe should mean we don't have a problem:
1. We say `privateKey` and `certChain` must be PEM files,
2. We say that `privateKey` and `certChain` are only supported for the rpc
namespace.
If one wants to use `keyStore` and `trustStore` it *must* be a JKS file, and
you then must use the JDK SSL provider (not openssl). In that case the keys
will be the same across rpc and UI and things should work fine.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
