Flume, mail # user - Re: Adding SSL peer cert info to AvroSource - 2014-01-31, 03:22
Re: Adding SSL peer cert info to AvroSource
I am not an expert in the JSSE API, so without specifics regarding APIs you
are trying to use I don't think I can be of much help. From browsing around
a little bit, it looks like we can simply have the server specify the CA
certs that it respects and the client will attempt to use one of the certs
in its store that is signed by one of them. Maybe this StackOverflow thread
will help?
http://stackoverflow.com/questions/3712366/choosing-ssl-client-certificate-in-java

Also the JSSE reference guide:
http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html
And of course, the Flume Avro Source (check the Netty pipeline factory
part):
https://github.com/apache/flume/blob/trunk/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java#L452

The logic you are describing regarding a fallback CA sounds somewhat
complicated. I'd bet you can make those requirements fit into how the JSSE
API was designed and have it require only one SSL handshake sequence by
having the server specify multiple acceptable CAs to the client.
On Thu, Jan 30, 2014 at 12:29 AM, Pritchard, Charles X. -ND <
[EMAIL PROTECTED]> wrote:
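
The single-handshake setup suggested in the reply above, sketched with the standard JSSE API. This is an added example, not part of the original email and not Flume's code. The class name, method names and file names are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

public class MultiCaServerTls {
    // Trust store holding every CA the server accepts for client certificates.
    static KeyStore trustStoreOf(String... caPaths) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // start from an empty in-memory store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (String path : caPaths) {
            try (InputStream in = new FileInputStream(path)) {
                ts.setCertificateEntry(path, cf.generateCertificate(in));
            }
        }
        return ts;
    }

    // Server-side engine that demands a client certificate signed by any trusted CA.
    static SSLEngine serverEngine(KeyStore keys, char[] pass, KeyStore trusted) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, pass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted); // these CAs are what the server advertises as acceptable issuers
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(true); // handshake fails if no acceptable client cert is sent
        return engine;
    }

    // After the handshake: subject and issuer DN of the client's leaf certificate.
    static String[] peerIdentity(SSLSession s) throws SSLPeerUnverifiedException {
        X509Certificate leaf = (X509Certificate) s.getPeerCertificates()[0];
        return new String[] { leaf.getSubjectX500Principal().getName(),
                              leaf.getIssuerX500Principal().getName() };
    }

    // Usage (file names are placeholders): server.p12 <password> primary-ca.pem fallback-ca.pem
    public static void main(String[] args) throws Exception {
        KeyStore keys = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) { keys.load(in, args[1].toCharArray()); }
        KeyStore trusted = trustStoreOf(Arrays.copyOfRange(args, 2, args.length));
        SSLEngine engine = serverEngine(keys, args[1].toCharArray(), trusted);
        System.out.println("needClientAuth=" + engine.getNeedClientAuth() + ", CAs=" + trusted.size());
    }
}
```

The issuer DN returned by `peerIdentity` shows which of the accepted CAs signed the client's certificate, so any per-CA policy can be applied after one handshake.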
 