[jira] [Assigned] (HIVE-21083) Remove the requirement to specify the truststore file location when TLS to the database is turned on

Thu, 03 Jan 2019 09:59:06 -0800 


     [ 
https://issues.apache.org/jira/browse/HIVE-21083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Morio Ramdenbourg reassigned HIVE-21083:
----------------------------------------


> Remove the requirement to specify the truststore file location when TLS to 
> the database is turned on
> ----------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-21083
>                 URL: https://issues.apache.org/jira/browse/HIVE-21083
>             Project: Hive
>          Issue Type: Improvement
>          Components: Metastore, Standalone Metastore
>    Affects Versions: 4.0.0
>            Reporter: Morio Ramdenbourg
>            Assignee: Morio Ramdenbourg
>            Priority: Major
>
> [ObjectStore.configureSSL|https://github.com/apache/hive/blob/master/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java#L349-L382]
>  throws an exception if TLS to the database is turned on 
> (_metastore.dbaccess.ssl.use.SSL_) but a truststore file location 
> (_metastore.dbaccess.ssl.truststore.path_) is not specified.
> However, according to the [JSSE (Java 8) 
> documentation|https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#InstallationAndCustomization],
>  the Java truststore file location system property 
> (_javax.net.ssl.trustStore_) defaults to using the "_jssecacerts_, if it 
> exists. Otherwise, _cacerts_" files. These are the default truststores that 
> come with the Java installation and contain a list of well-known certificate 
> authorities.
> One valid way of supplying certificates to trust is by appending to these 
> default files. In that case, no config changes (other than turning SSL on) 
> are necessary. We should support this case by changing the following logic to 
> remove the requirement for the truststore file location config property:
> {code:java}
> String trustStorePath = MetastoreConf.getVar(conf, 
>         ConfVars.DBACCESS_SSL_TRUSTSTORE_PATH).trim();
> if (trustStorePath.isEmpty()) {
>         throw new IllegalArgumentException("SSL to the database store has 
> been enabled but " + 
>         ConfVars.DBACCESS_SSL_TRUSTSTORE_PATH.toString() + " is empty. "
>         + "Set this property to enable SSL.");
> }
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to