Github user StephanEwen commented on the issue:
https://github.com/apache/flink/pull/5966
This PR is subsumed by #6326
---
Github user StephanEwen commented on the issue:
https://github.com/apache/flink/pull/5966
@EronWright Just saw this - I have concurrently reworked this PR into #6326
which does things more cleanly. I would like to get that PR in for 1.6 (got
many users asking for this).
I
Github user EronWright commented on the issue:
https://github.com/apache/flink/pull/5966
@StephanEwen I would like to work on this issue, building on your PR, would
that be OK?
---
Github user StephanEwen commented on the issue:
https://github.com/apache/flink/pull/5966
I would move ahead with this PR as follows:
- Separate internal and external SSL config
- Activate SSL client auth for akka, netty, and blob server (pure
internal communication)
Github user EronWright commented on the issue:
https://github.com/apache/flink/pull/5966
To be honest I don't see a great need to support anything other than a
single trusted certificate for internal communication.We could easily build
some conveniences around that, like
Github user StephanEwen commented on the issue:
https://github.com/apache/flink/pull/5966
I agree, we need different key/truststores for the internal/external
connectivity. This PR was meant as a step in that direction, separating at
least within the SSL Utils the internal and
Github user EronWright commented on the issue:
https://github.com/apache/flink/pull/5966
This looks great but let's please separate the intra-cluster SSL
configuration options from the external-cluster options. In particular, the
web/API endpoints should be governed by a different
Github user GJL commented on the issue:
https://github.com/apache/flink/pull/5966
This is relevant
http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/Discuss-FLIP-26-SSL-Mutual-Authentication-td22188.html
---
Github user GJL commented on the issue:
https://github.com/apache/flink/pull/5966
I will take a look at this later today.
---
Github user StephanEwen commented on the issue:
https://github.com/apache/flink/pull/5966
@EronWright This might be interesting to you as well
---
10 matches
Mail list logo