Hi Viktor, Thanks for reviewing the KIP and for your comment. I agree that it makes sense to split them. I do not have any use-case where I would use only one or the other right now. But it is easier to enable two options now than to somehow split the option into two later. I updated the KIP accordingly.
Thanks & Regards Jakub On Tue, Oct 17, 2023 at 2:44 PM Viktor Somogyi-Vass <viktor.somo...@cloudera.com.invalid> wrote: > Hi Jakub, > > I think the KIP looks good overall, and I have one question for now. > Would it make sense to split the config you want to introduce > (ssl.allow.dn.and.san.changes) into two configs? Would users want to enable > one but not the other? > > Thanks, > Viktor > > On Wed, Sep 13, 2023 at 10:00 PM Jakub Scholz <ja...@scholz.cz> wrote: > > > Hi all, > > > > I would like to start the discussion about the KIP-978: Allow dynamic > > reloading of certificates with different DN / SANs > > < > > > https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=263429128 > > >. > > It proposes adding an option to disable the current validation of the DN > > and SANs when dynamically changing the keystore. Please have a look and > let > > me know your thoughts ... > > > > Thanks & Regards > > Jakub > > >
