-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new use system truststore flag to JDBC driver and CLI #10482
Conversation
Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please submit the signed CLA to [email protected]. For more information, see https://github.com/trinodb/cla. |
Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please submit the signed CLA to [email protected]. For more information, see https://github.com/trinodb/cla. |
d4d4643
to
efd5d6b
Compare
Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please submit the signed CLA to [email protected]. For more information, see https://github.com/trinodb/cla. |
@cla-bot check |
The cla-bot has been summoned, and re-checked this pull request! |
821aca7
to
11ff78a
Compare
11ff78a
to
88a0642
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apologies for the long time to review
client/trino-client/src/main/java/io/trino/client/OkHttpUtil.java
Outdated
Show resolved
Hide resolved
@electrum do I need to do something else for this PR or is it going to be merged into the next release? |
d40970c
to
e7c663f
Compare
e7c663f
to
4f943eb
Compare
4f943eb
to
38ff249
Compare
Add a new flag to use the default system truststore instead of manually specifying one. When the flag is set to 'true', the client automatically selects the appropriate system key store based on the machine OS, the keystore specification can be overridden by using the truststore type parameter if necessary.
Ensure that the JDBC driver doesn't allow the truststore path parameter when the use system truststore flag is set
Add more details about the new use system truststore flag
Set the default system TrustStore type to the Windows ROOT CA keystore and expand the flag documentation. This make Trino client use the ROOT CA certificate keystore to validate the server identity, users can alternatively set the TrustStore type to Windows-MY if verifying against the server certificate itself is needed.
38ff249
to
5afef8d
Compare
@Cromat82 Sorry, I reviewed this during the release window and forgot to merge it later. |
This PR adds a new flag to enable using the default system truststore instead of manually specifying one.
When the flag is provided, the client chooses the appropriate truststore based on the running OS (namely Windows and MacOS) or else loads the default truststore; the specification can be overridden by using the existing truststore type parameter.