[ 
https://issues.apache.org/jira/browse/HIVE-23958?focusedWorklogId=468666&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-468666
 ]

ASF GitHub Bot logged work on HIVE-23958:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 10/Aug/20 14:47
            Start Date: 10/Aug/20 14:47
    Worklog Time Spent: 10m 
      Work Description: nrg4878 commented on pull request #1342:
URL: https://github.com/apache/hive/pull/1342#issuecomment-671400530


   > > The HttpServer has a Builder class that does not have support for
   > > setting the keystore type. Should we add a method to the builder to be
   > > able to build with a KS type and/or automatically set the default
   > > keystore when the KeystorePath/KeystorePassword is set?
   >
   > This could be a separate change - I don't want to change it here since it
   > didn't seem to have any benefit. The builder isn't used in this code path
   > and instead it is hardcoded to `JKS` inside of Jetty and Thrift. This
   > change passes the JDK preferred keystore type instead of relying on `JKS`
   > being hardcoded by libraries.
   >
   > I didn't feel it was necessary to expose this as another config option to
   > add to hive-site.xml - since the JDK already has a way to configure this
   > with the `keystore.type` config in the JDK. Since it hasn't come up
   > previously, I'm assuming that no one has tried to change the keystore type
   > in HS2 and so it doesn't need a Hive specific config today. This change
   > doesn't stop someone from adding a config down the line if necessary.
   >
   > > HiveServer2 class has some SSL settings for WebUI stuff. Should the
   > > keystore type also be set here?
   >
   > The HiveServer2 class eventually falls back to HttpServer to build the
   > Jetty server - so this change covers both the WebUI and other usages by
   > Hive.

   Sounds good then. The change looks good to me otherwise.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 468666)
    Time Spent: 40m  (was: 0.5h)

> HiveServer2 should support additional keystore/truststores types besides JKS
> ----------------------------------------------------------------------------
>
>                 Key: HIVE-23958
>                 URL: https://issues.apache.org/jira/browse/HIVE-23958
>             Project: Hive
>          Issue Type: Improvement
>          Components: HiveServer2
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Currently HiveServer2 (through Jetty and Thrift) only supports JKS (and 
> PKCS12 based on JDK fallback) keystore/truststore types. There are additional 
> keystore/truststore types used for different applications like for FIPS 
> crypto algorithms. HS2 should support the default keystore type specified for 
> the JDK and not always use JKS.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
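
The keystore-type behaviour discussed in this thread, as an added example that is not code from the pull request or from Hive. It uses only JDK classes; JCEKS stands in for a keystore type that is neither JKS nor PKCS12 (an assumption, since a FIPS deployment would use a provider-specific type), and `Security.setProperty` stands in for the `keystore.type` entry in the JDK's `java.security` file. The class name, helper and password are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Security;

public class DefaultKeystoreTypeDemo {

    // Hypothetical helper: parse keystore bytes as the requested type.
    static KeyStore load(String type, byte[] data, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(new ByteArrayInputStream(data), password);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // constructed sample value

        // Build an in-memory keystore in a format other than JKS/PKCS12.
        KeyStore source = KeyStore.getInstance("JCEKS");
        source.load(null, password);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        source.store(out, password);
        byte[] data = out.toByteArray();

        // The operator selects the type through the JDK, not through Hive.
        // Normally this is the keystore.type line in the java.security file.
        Security.setProperty("keystore.type", "jceks");

        // A library that hardcodes JKS cannot parse the file; the JDK's
        // JKS/PKCS12 compatibility fallback does not cover other formats.
        try {
            load("JKS", data, password);
            System.out.println("hardcoded JKS: loaded");
        } catch (IOException | GeneralSecurityException e) {
            System.out.println("hardcoded JKS: rejected (" + e.getMessage() + ")");
        }

        // Passing the JDK default type follows the operator's configuration.
        KeyStore ks = load(KeyStore.getDefaultType(), data, password);
        System.out.println("default type " + ks.getType() + ": loaded, "
                + ks.size() + " entries");
    }
}
```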
