[
https://issues.apache.org/jira/browse/BOOKKEEPER-588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15783153#comment-15783153
]
Enrico Olivelli commented on BOOKKEEPER-588:
--------------------------------------------
I have updated the PR with the support for sending client certificates and the
support on the bookie side to validate such certificates using an AuthPlugin
(see the testcases for examples)
Remaining implementations:
- tests about ciphers and protocols
- the "(!inetAddr.isUnresolved()) " trick and test cases if possible
[~jujjuri] I think that most of the work is done, can you start a review ?
[~jujjuri] I wonder if the fix for inetAddr.isUnresolved() is really useful,
did you implement it because of real problems ?
[~jujjuri] [~hustlmsp] Do you think we should implement an "official" box
AuthPlugin which enforces SSL Mutual Authentication (with the check on a list
of "trusted" Certificates and the timer which drops connections to expired
certificates) ?
Maybe we can open a new issue ?
Does anyone have experience on cipher suites and TLS protocols ?
I would like to implement some testcase which can work on most all the JDKs.
Maybe there is no actual need to implement such test cases
> SSL support
> -----------
>
> Key: BOOKKEEPER-588
> URL: https://issues.apache.org/jira/browse/BOOKKEEPER-588
> Project: Bookkeeper
> Issue Type: Sub-task
> Reporter: Ivan Kelly
> Assignee: Enrico Olivelli
> Fix For: 4.5.0
>
> Attachments: 0001-MutualTLS-for-Bookkeeper.patch,
> 0004-BOOKKEEPER-588-SSL-support-for-bookkeeper.patch
>
>
> SSL support using startTLS
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
