[jira] [Commented] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16141549#comment-16141549
 ] 

ASF GitHub Bot commented on IGNITE-6168:


Github user asfgit closed the pull request at:

https://github.com/apache/ignite/pull/2505


> Ability to use TLS client authentication in the TcpDiscoverySpi
> ---
>
> Key: IGNITE-6168
> URL: https://issues.apache.org/jira/browse/IGNITE-6168
> Project: Ignite
>  Issue Type: Wish
>Affects Versions: 2.1
>Reporter: Jens Borgland
>Assignee: Ilya Kasnacheev
>
> I'm working on an application where we use mutual TLS to protect the 
> communication (of different kinds) between the components. It seems like 
> Ignite uses mutual TLS for the TcpCommunicationSpi but not for the 
> TcpDiscoverySpi. Would it be possible to add this ability (one way could 
> perhaps be by implementing IGNITE-6167 so that it can be done through a 
> custom socket factory)?
> I'm aware that there are other client authentication options for the 
> discovery SPI but it would be nice to be able to use the same mechanism 
> everywhere.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi

[Nikolay Tikhonov (JIRA)]

[ 
https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16141488#comment-16141488
 ] 

Nikolay Tikhonov commented on IGNITE-6168:
--

[~ilyak]
Thank you for your contribution! Looks good for me. I've merged to master.

> Ability to use TLS client authentication in the TcpDiscoverySpi
> ---
>
> Key: IGNITE-6168
> URL: https://issues.apache.org/jira/browse/IGNITE-6168
> Project: Ignite
>  Issue Type: Wish
>Affects Versions: 2.1
>Reporter: Jens Borgland
>Assignee: Ilya Kasnacheev
>
> I'm working on an application where we use mutual TLS to protect the 
> communication (of different kinds) between the components. It seems like 
> Ignite uses mutual TLS for the TcpCommunicationSpi but not for the 
> TcpDiscoverySpi. Would it be possible to add this ability (one way could 
> perhaps be by implementing IGNITE-6167 so that it can be done through a 
> custom socket factory)?
> I'm aware that there are other client authentication options for the 
> discovery SPI but it would be nice to be able to use the same mechanism 
> everywhere.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16138636#comment-16138636
 ] 

ASF GitHub Bot commented on IGNITE-6168:


GitHub user alamar opened a pull request:

https://github.com/apache/ignite/pull/2505

IGNITE-6168 Need SSL client authentication during discovery

Otherwise when certificates mismatch, discovery succeeds but communication 
fails, leading to a livelock.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/alamar/ignite ignite-6168

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/ignite/pull/2505.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2505


commit 8852328e0a514f3dc625cfc76f96aa280190e96d
Author: Ilya Kasnacheev 
Date:   2017-08-23T16:53:41Z

IGNITE-6168 Need SSL client authentication during discovery




> Ability to use TLS client authentication in the TcpDiscoverySpi
> ---
>
> Key: IGNITE-6168
> URL: https://issues.apache.org/jira/browse/IGNITE-6168
> Project: Ignite
>  Issue Type: Wish
>Affects Versions: 2.1
>Reporter: Jens Borgland
>Assignee: Ilya Kasnacheev
>
> I'm working on an application where we use mutual TLS to protect the 
> communication (of different kinds) between the components. It seems like 
> Ignite uses mutual TLS for the TcpCommunicationSpi but not for the 
> TcpDiscoverySpi. Would it be possible to add this ability (one way could 
> perhaps be by implementing IGNITE-6167 so that it can be done through a 
> custom socket factory)?
> I'm aware that there are other client authentication options for the 
> discovery SPI but it would be nice to be able to use the same mechanism 
> everywhere.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi

[Jens Borgland (JIRA)]

[ 
https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16138277#comment-16138277
 ] 

Jens Borgland commented on IGNITE-6168:
---

[~ilyak], makes sense since it seems to be a hard requirement for the 
TcpCommunicationSpi.

> Ability to use TLS client authentication in the TcpDiscoverySpi
> ---
>
> Key: IGNITE-6168
> URL: https://issues.apache.org/jira/browse/IGNITE-6168
> Project: Ignite
>  Issue Type: Wish
>Affects Versions: 2.1
>Reporter: Jens Borgland
>
> I'm working on an application where we use mutual TLS to protect the 
> communication (of different kinds) between the components. It seems like 
> Ignite uses mutual TLS for the TcpCommunicationSpi but not for the 
> TcpDiscoverySpi. Would it be possible to add this ability (one way could 
> perhaps be by implementing IGNITE-6167 so that it can be done through a 
> custom socket factory)?
> I'm aware that there are other client authentication options for the 
> discovery SPI but it would be nice to be able to use the same mechanism 
> everywhere.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi

[Ilya Kasnacheev (JIRA)]

[ 
https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16138272#comment-16138272
 ] 

Ilya Kasnacheev commented on IGNITE-6168:
-

[~jens.borgland] This looks like an issue indeed, because it is possible for 
two nodes to be stuck in "discovered but not connected and trying to connect 
forever" livelock state for good as I have just confirmed. I think that mutual 
TLS should be the only option in TcpDiscoverySpi.

> Ability to use TLS client authentication in the TcpDiscoverySpi
> ---
>
> Key: IGNITE-6168
> URL: https://issues.apache.org/jira/browse/IGNITE-6168
> Project: Ignite
>  Issue Type: Wish
>Affects Versions: 2.1
>Reporter: Jens Borgland
>
> I'm working on an application where we use mutual TLS to protect the 
> communication (of different kinds) between the components. It seems like 
> Ignite uses mutual TLS for the TcpCommunicationSpi but not for the 
> TcpDiscoverySpi. Would it be possible to add this ability (one way could 
> perhaps be by implementing IGNITE-6167 so that it can be done through a 
> custom socket factory)?
> I'm aware that there are other client authentication options for the 
> discovery SPI but it would be nice to be able to use the same mechanism 
> everywhere.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)