Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-28317

RpcCallContext should expose client's TLS certificate

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 2.6.0, 3.0.0-beta-2
    • None
    • None
    • Adds RpcCallContext.getClientCertificateChain() for accessing the SSL cert when TLS is enabled and a cert is available.

    Description

      At my employer we plan on using a coprocessor to log information about some requests to HBase. For this to be useful to us, we need to know who each request is coming from. We use HBase's TLS support with mutual authentication to authenticate clients. I'd like a way to expose the client certificate used on a request to coprocessors. For setups using Kerberos authentication, RpcCall exposes the Kerberos principal shortname via getRequestUser(), so this would be the TLS equivalent to that.

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. HBASE-28336 Fix casting bug in NettyRpcServer introduced in HBASE-28317

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link GitHub Pull Request #5644

          Activity

            People

              charlesconnell Charles Connell
              charlesconnell Charles Connell
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: