Right now, the "metastore.dbaccess.ssl.use.SSL" (Use SSL) property is opaque and not useful. It does not provide any value, beyond allowing the "metastore.dbaccess.ssl.truststore.*" (Truststore) properties to be used.
We should reconsider the use of this property, and whether or not we should simply remove it, or provide more functionality. At the very least, we should prevent the "Truststore" properties from having to use the "Use SSL" to be effective. It just adds an extra configuration with very little value.
Some ideas on how to improve the "Use SSL" property (and their challenges) include:
- Automatically append the database-specific SSL flag to the JDBC String (javax.jdo.option.ConnectionURL). E.g. append "sslmode=verify" for a MySQL database.
- Challenge: We would have to maintain database version and type compatibility with the JDBC parameters. They change based on version and type. Would be difficult to constantly update.
- Remove the property, and allow the user to configure the "Truststore" property and JDBC URL string at their own accord.