[HADOOP-16517] Allow optional mutual TLS in HttpServer2 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Patch Available
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Target Version/s:

3.5.0

Description

Currently the webservice can enforce mTLS by setting "dfs.client.https.need-auth" on the server side. (The config name is misleading, as it is actually server-side config. It has been deprecated from the client config) A hadoop client can talk to mTLS enforced web service by setting "hadoop.ssl.require.client.cert" with proper ssl config.

We have seen use case where mTLS needs to be enabled optionally for only those clients who supplies their cert. In a mixed environment like this, individual services may still enforce mTLS for a subset of endpoints by checking the existence of x509 cert in the request.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-16517.patch
15/Aug/19 19:28
6 kB
Kihwal Lee
HADOOP-16517.1.patch
21/Aug/19 18:20
8 kB
Kihwal Lee

Activity

People

Assignee:: Kihwal Lee

Reporter:: Kihwal Lee

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 15/Aug/19 18:21

Updated:: 04/Jan/24 11:21