[#2132] Migrate SSL support away from ThreadLocal, support key alias and default to pkcs12#2133
[#2132] Migrate SSL support away from ThreadLocal, support key alias and default to pkcs12#2133mattrpav wants to merge 3 commits into
Conversation
mattrpav
force-pushed
the
gh-2132-ssl-reload-alias
branch
2 times, most recently
from
83e22b7 to
b458792
Compare
mattrpav
changed the title
mattrpav
changed the title
mattrpav
changed the title
mattrpav
changed the title
- DefaultSslContext (remove active usage of ThreadContextSslContext) - Add per-connector sslContect - Add per-networkConnector sslContext - Add ComptibleSslContext to bridge Spring for a non-ThreadLocalSslContext
mattrpav
force-pushed
the
gh-2132-ssl-reload-alias
branch
from
02cb65e to
20a8b36
Compare
|
This is a pretty major refactor and needs to be reviewed carefully before merging. I assume this will not be backported and only be targeted for 6.3.0 due to the major changes. @mattrpav - are there breaking API changes here? a quick look showed old methods delegating to the new ones so I don't think so but we don't want to break anyone who upgrades |
|
@cshannon correct, this is only for 6.3.0. The original SslContext is renamed ThreadLocalSslContext and remains if anyone needs previous behavior exactly. The ComaptibleSslContext provides same method signature as the ThreadLocalSslContexr for historical compatibility for wiring of arrays v lists, but removes the ThreadLocal usage. The DefaultThreadLocalContext becomes the new default. This change removes all ThreadLocalSslContext usage and updates transportConnectors and networkConnectors to support having independent SSLContexts as needed. They all fall back to the broker-wide one as before, if an independent sslcontext is not configured. |
2 participants
No description provided.