This is an automated email from the ASF dual-hosted git repository. srowen pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push: new bfdde96 [SPARK-36122][CORE] Passing on needClientAuth to Jetty SSLContextFactory bfdde96 is described below commit bfdde9635da0d721cd9ffcc422ad00afc406aa4b Author: skhandrikagmail <87313842+skhandrikagm...@users.noreply.github.com> AuthorDate: Sat Jul 17 08:59:42 2021 -0500 [SPARK-36122][CORE] Passing on needClientAuth to Jetty SSLContextFactory SPARK-36122: Spark does not passon needClientAuth to Jetty SSLContextFactory. Does not allow to configure mTLS authentication. passing needClientAuth to sslContextFactory would help enable mTLS authentication for Jetty through x509 certificates. ### What changes were proposed in this pull request? ### Why are the changes needed? ### Does this PR introduce _any_ user-facing change? ### How was this patch tested? Closes #33301 from skhandrikagmail/patch-1. Authored-by: skhandrikagmail <87313842+skhandrikagm...@users.noreply.github.com> Signed-off-by: Sean Owen <sro...@gmail.com> --- core/src/main/scala/org/apache/spark/SSLOptions.scala | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/core/src/main/scala/org/apache/spark/SSLOptions.scala b/core/src/main/scala/org/apache/spark/SSLOptions.scala index 446a8e5..f1668966 100644 --- a/core/src/main/scala/org/apache/spark/SSLOptions.scala +++ b/core/src/main/scala/org/apache/spark/SSLOptions.scala @@ -78,6 +78,12 @@ private[spark] case class SSLOptions( trustStore.foreach(file => sslContextFactory.setTrustStorePath(file.getAbsolutePath)) trustStorePassword.foreach(sslContextFactory.setTrustStorePassword) trustStoreType.foreach(sslContextFactory.setTrustStoreType) + /* + * Need to pass needClientAuth flag to jetty for Jetty server to authenticate + * client certificates. This would help enable mTLS authentication. + */ + sslContextFactory.setNeedClientAuth(needClientAuth) + } protocol.foreach(sslContextFactory.setProtocol) if (supportedAlgorithms.nonEmpty) { --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org For additional commands, e-mail: commits-h...@spark.apache.org