[RATIS-1747] Support keyManager and trustManager in tlsConfig - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.0.0, 2.5.0
Component/s: security
Labels:
None

Description

Ratis use the security materials passed by Ozone to establish tls connection. Currently, there are two ways to configure tls. For cert, one is cert file based, another is cert objects. For privateKey, one is private key file, another is private key object.

This task aims to support the third way to configure tls. That is, pass in a KeyManager and trustManager object for key and cert. The motivation of this is we want to support certificate dynamic reloading in Ozone when certificate is going to expire and a new certificate is generated to replace the old one.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

785_review.patch
16/Nov/22 20:45
30 kB
Tsz-wo Sze

Issue Links

blocks

HDDS-7332 Automatic certificate rotation before certificate expiration

Resolved

HDDS-7377 Implement certificate hotswap at renewal

Resolved

links to

GitHub Pull Request #785

Activity

People

Assignee:: Sammi Chen

Reporter:: Sammi Chen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16/Nov/22 12:08

Updated:: 10/May/23 13:29

Resolved:: 18/Nov/22 20:09

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

2.5h