Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-3160

Custom User SSLContext

    XMLWordPrintableJSON

Details

    Description

      The Zookeeper libraries currently allow you to set up your SSL Context via system properties such as "zookeeper.ssl.keyStore.location" in the X509Util. This covers most simple use cases, where users have software keystores on their harddrive.

      There are, however, a few additional scenarios that this doesn't cover. Two possible ones would be:

      1. The user has a hardware keystore, loaded in using PKCS11 or something similar.
      2. The user has no access to the software keystore, but can retrieve an already-constructed SSLContext from their container.

      For this, I would propose that the X509Util be extended to allow a user to set a property such as "zookeeper.ssl.client.context" to provide a class which supplies a custom SSL context. This gives a lot more flexibility to the ZK client, and allows the user to construct the SSLContext in whatever way they please (which also future proofs the implementation somewhat).

      I've already completed this feature, and will put in a PR soon for it.

      Attachments

        Activity

          People

            Kenco Alex Rankin
            Kenco Alex Rankin
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 13.5h
                13.5h