New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[fix][client] Fix load the trust store file #19483
Conversation
90ff8ff
to
413a3aa
Compare
/pulsarbot rerun-failure-checks |
pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
@nodece - are there any other configurations we should update to make pulsar more easily use the OS's trust stores?
We don't need any configuration. The TLS provider has taken care of that for us. |
Signed-off-by: Zixuan Liu <nodeces@gmail.com>
3b8ceec
to
83c95f1
Compare
@nodece - I think it would be helpful to update the relevant configuration files to indicate that users are able to use the OS's truststore by passing nothing. It's a pretty obvious default, but because we didn't support it before, I think it is worth documenting. What do you think? |
@michaeljmarshall Good idea. |
Codecov Report
@@ Coverage Diff @@
## master #19483 +/- ##
============================================
+ Coverage 60.44% 62.21% +1.76%
- Complexity 3494 25833 +22339
============================================
Files 1832 1844 +12
Lines 135153 135517 +364
Branches 14871 14917 +46
============================================
+ Hits 81693 84311 +2618
+ Misses 45869 43438 -2431
- Partials 7591 7768 +177
Flags with carried forward coverage won't be shown. Click here to find out more.
|
Signed-off-by: Zixuan Liu <nodeces@gmail.com> (cherry picked from commit 6d3e483)
Signed-off-by: Zixuan Liu <nodeces@gmail.com> (cherry picked from commit 6d3e483)
Signed-off-by: Zixuan Liu <nodeces@gmail.com> (cherry picked from commit 6d3e483)
Signed-off-by: Zixuan Liu <nodeces@gmail.com> (cherry picked from commit 6d3e483)
Motivation
When the trust store file is empty, we can skip loading the trust store file, because there is using the trust store file from the operating system.
Modifications
tlsTrustStorePath
to theKeyStoreSSLContext
Documentation
doc
doc-required
doc-not-needed
doc-complete