[jira] [Commented] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi
[ https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16141549#comment-16141549 ] ASF GitHub Bot commented on IGNITE-6168: Github user asfgit closed the pull request at: https://github.com/apache/ignite/pull/2505 > Ability to use TLS client authentication in the TcpDiscoverySpi > --- > > Key: IGNITE-6168 > URL: https://issues.apache.org/jira/browse/IGNITE-6168 > Project: Ignite > Issue Type: Wish >Affects Versions: 2.1 >Reporter: Jens Borgland >Assignee: Ilya Kasnacheev > > I'm working on an application where we use mutual TLS to protect the > communication (of different kinds) between the components. It seems like > Ignite uses mutual TLS for the TcpCommunicationSpi but not for the > TcpDiscoverySpi. Would it be possible to add this ability (one way could > perhaps be by implementing IGNITE-6167 so that it can be done through a > custom socket factory)? > I'm aware that there are other client authentication options for the > discovery SPI but it would be nice to be able to use the same mechanism > everywhere. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi
[ https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16141488#comment-16141488 ] Nikolay Tikhonov commented on IGNITE-6168: -- [~ilyak] Thank you for your contribution! Looks good for me. I've merged to master. > Ability to use TLS client authentication in the TcpDiscoverySpi > --- > > Key: IGNITE-6168 > URL: https://issues.apache.org/jira/browse/IGNITE-6168 > Project: Ignite > Issue Type: Wish >Affects Versions: 2.1 >Reporter: Jens Borgland >Assignee: Ilya Kasnacheev > > I'm working on an application where we use mutual TLS to protect the > communication (of different kinds) between the components. It seems like > Ignite uses mutual TLS for the TcpCommunicationSpi but not for the > TcpDiscoverySpi. Would it be possible to add this ability (one way could > perhaps be by implementing IGNITE-6167 so that it can be done through a > custom socket factory)? > I'm aware that there are other client authentication options for the > discovery SPI but it would be nice to be able to use the same mechanism > everywhere. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi
[ https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16138636#comment-16138636 ] ASF GitHub Bot commented on IGNITE-6168: GitHub user alamar opened a pull request: https://github.com/apache/ignite/pull/2505 IGNITE-6168 Need SSL client authentication during discovery Otherwise when certificates mismatch, discovery succeeds but communication fails, leading to a livelock. You can merge this pull request into a Git repository by running: $ git pull https://github.com/alamar/ignite ignite-6168 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/ignite/pull/2505.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #2505 commit 8852328e0a514f3dc625cfc76f96aa280190e96d Author: Ilya KasnacheevDate: 2017-08-23T16:53:41Z IGNITE-6168 Need SSL client authentication during discovery > Ability to use TLS client authentication in the TcpDiscoverySpi > --- > > Key: IGNITE-6168 > URL: https://issues.apache.org/jira/browse/IGNITE-6168 > Project: Ignite > Issue Type: Wish >Affects Versions: 2.1 >Reporter: Jens Borgland >Assignee: Ilya Kasnacheev > > I'm working on an application where we use mutual TLS to protect the > communication (of different kinds) between the components. It seems like > Ignite uses mutual TLS for the TcpCommunicationSpi but not for the > TcpDiscoverySpi. Would it be possible to add this ability (one way could > perhaps be by implementing IGNITE-6167 so that it can be done through a > custom socket factory)? > I'm aware that there are other client authentication options for the > discovery SPI but it would be nice to be able to use the same mechanism > everywhere. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi
[ https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16138277#comment-16138277 ] Jens Borgland commented on IGNITE-6168: --- [~ilyak], makes sense since it seems to be a hard requirement for the TcpCommunicationSpi. > Ability to use TLS client authentication in the TcpDiscoverySpi > --- > > Key: IGNITE-6168 > URL: https://issues.apache.org/jira/browse/IGNITE-6168 > Project: Ignite > Issue Type: Wish >Affects Versions: 2.1 >Reporter: Jens Borgland > > I'm working on an application where we use mutual TLS to protect the > communication (of different kinds) between the components. It seems like > Ignite uses mutual TLS for the TcpCommunicationSpi but not for the > TcpDiscoverySpi. Would it be possible to add this ability (one way could > perhaps be by implementing IGNITE-6167 so that it can be done through a > custom socket factory)? > I'm aware that there are other client authentication options for the > discovery SPI but it would be nice to be able to use the same mechanism > everywhere. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi
[ https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16138272#comment-16138272 ] Ilya Kasnacheev commented on IGNITE-6168: - [~jens.borgland] This looks like an issue indeed, because it is possible for two nodes to be stuck in "discovered but not connected and trying to connect forever" livelock state for good as I have just confirmed. I think that mutual TLS should be the only option in TcpDiscoverySpi. > Ability to use TLS client authentication in the TcpDiscoverySpi > --- > > Key: IGNITE-6168 > URL: https://issues.apache.org/jira/browse/IGNITE-6168 > Project: Ignite > Issue Type: Wish >Affects Versions: 2.1 >Reporter: Jens Borgland > > I'm working on an application where we use mutual TLS to protect the > communication (of different kinds) between the components. It seems like > Ignite uses mutual TLS for the TcpCommunicationSpi but not for the > TcpDiscoverySpi. Would it be possible to add this ability (one way could > perhaps be by implementing IGNITE-6167 so that it can be done through a > custom socket factory)? > I'm aware that there are other client authentication options for the > discovery SPI but it would be nice to be able to use the same mechanism > everywhere. -- This message was sent by Atlassian JIRA (v6.4.14#64029)