[
https://issues.apache.org/jira/browse/CALCITE-2285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16497154#comment-16497154
]
Karan Mehta edited comment on CALCITE-2285 at 5/31/18 8:55 PM:
---------------------------------------------------------------
Jetty offers client/server classes which allow dynamic reloading of
{{SslContextFactory}} when ever new certificates are loaded, especially for
short lived certificates. Avatica Client depends on Apache HttpClient lib,
which doesn't offer that feature. Long running Java clients can potentially run
into issues with this.
Any thoughts/ideas? [~alexaraujo] [~risdenk]
I am currently looking into other potential ideas especially how things are
implemented in Jetty and will post soon. I am also looking for approaches where
a reference to {{SSLConnectionSocketFactory}} can be dynamically updated
whenever the underlying cert changes.
was (Author: karanmehta93):
Jetty offers client/server classes which allow dynamic reloading of
{{SslContextFactory}} when ever new certificates are loaded, especially for
short lived certificates. Avatica Client depends on Apache HttpClient lib,
which doesn't offer that feature. Long running Java clients can potentially run
into issues with this.
Any thoughts/ideas? [~alexaraujo] [~risdenk]
I am currently looking into other potential ideas and will post soon.
> Support client cert keystore for Avatica Client
> -----------------------------------------------
>
> Key: CALCITE-2285
> URL: https://issues.apache.org/jira/browse/CALCITE-2285
> Project: Calcite
> Issue Type: Improvement
> Components: avatica
> Reporter: Karan Mehta
> Assignee: Karan Mehta
> Priority: Major
>
> Currently Avatica only supports adding trust-store in {{SSLContext}} in all
> {{AvaticaHttpClient}} implementations. If keystore support it added, MTLS
> connections can be established as well.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
