Pritchard, Charles X. -N.... 2014-01-29, 20:27
Mike Percy 2014-01-30, 02:45
Pritchard, Charles X. -N.... 2014-01-30, 08:32
Mike Percy 2014-01-31, 03:22
Pritchard, Charles X. -N.... 2014-02-03, 18:52
Mike Percy 2014-02-08, 00:26
Pritchard, Charles X. -N.... 2014-02-08, 01:16
Mike Percy 2014-02-08, 02:33
Pritchard, Charles X. -N.... 2014-02-08, 02:51
-Re: Adding SSL peer cert info to AvroSource
Mike Percy 2014-02-08, 04:13
On Fri, Feb 7, 2014 at 6:50 PM, Pritchard, Charles X. -ND <
[EMAIL PROTECTED]> wrote:
Does it need to be the client CN? Can it be the client hostname? If so, why
not just add that info to the event on the client side or with a hostname
interceptor on the previous hop?
I don't think I fully understand why you're doing it this way, but I guess
you're saying you want to mark the event as having been accepted from a
validated source, and you want to identify that source.
Another way to do this is to have the client mark his event with some
source header, and have an interceptor that marks that the event made it
through the source with some tag. Do you think that would be sufficient?
I see what you're saying about the responder though... because it's an Avro
thing, you might have to modify Avro code to get to the SSL context. Might
be tricky. I haven't spent a lot of time on this but maybe you could write
a responder that hands off the request to the avro responder after doing
whatever it needs to do. I see what you're saying though, because of the
way the Avro proxy stuff works, it goes through a bunch of funky
reflection, etc. That makes it hard to get back out once you go in, if you
know what I'm saying.
If I do understand what you’re saying: any other servers in a distributed
Yeah, that was my point. :)
Ashish 2014-02-11, 07:00