ajorgensen opened a new pull request #2850: Add SSL support for stream manager connections
URL: https://github.com/apache/incubator-heron/pull/2850
 
 
   This commit adds ssl support for connection between stream managers. The
   main purpose of this change is to protect data that is in-transit
   through a heron topology from packet sniffing; as such, it is only
   implemented between each stream manager. Communication to the tmaster,
   metrics manager, or instance will not be encrypted.
   
   This basic implementation adds the ability to optionally pass an ssl certificate
   and private key to the libevent connection option. This change does not
   introduce any keystores and relies on proper permissions and keys to
   exist on the system or in the sandbox at the time of the deploy.
   
   The introduction of openssl is specifically left as a dynamic link
   instead of a static link. The reason for this is if there is a
   vulnerability discovered in an openssl library it will be much easier
   for the topology owner to simply upgrade the system version of openssl
   to pick up the fix. If openssl was statically linked into heron it would
   require re-releasing older heron versions statically linked to the
   latest openssl version and all topology owners to redownload the release
   which would make rolling out the fix much harder.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services
