Add new use system truststore flag to JDBC driver and CLI #10482
Conversation
|
Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please submit the signed CLA to [email protected]. For more information, see https://github.com/trinodb/cla. |
|
Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please submit the signed CLA to [email protected]. For more information, see https://github.com/trinodb/cla. |
Cromat82
force-pushed
the
jdbc/defaultTrustStore
branch
from
d4d4643
to
efd5d6b
Compare
|
Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please submit the signed CLA to [email protected]. For more information, see https://github.com/trinodb/cla. |
|
@cla-bot check |
|
The cla-bot has been summoned, and re-checked this pull request! |
Cromat82
force-pushed
the
jdbc/defaultTrustStore
branch
from
821aca7
to
11ff78a
Compare
Cromat82
force-pushed
the
jdbc/defaultTrustStore
branch
from
11ff78a
to
88a0642
Compare
client/trino-client/src/main/java/io/trino/client/OkHttpUtil.java
Outdated
Show resolved
Hide resolved
|
@electrum do I need to do something else for this PR or is it going to be merged into the next release? |
Cromat82
force-pushed
the
jdbc/defaultTrustStore
branch
from
d40970c
to
e7c663f
Compare
Cromat82
force-pushed
the
jdbc/defaultTrustStore
branch
from
e7c663f
to
4f943eb
Compare
Cromat82
force-pushed
the
jdbc/defaultTrustStore
branch
from
4f943eb
to
38ff249
Compare
Add a new flag to use the default system truststore instead of manually specifying one. When the flag is set to 'true', the client automatically selects the appropriate system key store based on the machine OS, the keystore specification can be overridden by using the truststore type parameter if necessary.
Ensure that the JDBC driver doesn't allow the truststore path parameter when the use system truststore flag is set
Add more details about the new use system truststore flag
Set the default system TrustStore type to the Windows ROOT CA keystore and expand the flag documentation. This make Trino client use the ROOT CA certificate keystore to validate the server identity, users can alternatively set the TrustStore type to Windows-MY if verifying against the server certificate itself is needed.
Cromat82
force-pushed
the
jdbc/defaultTrustStore
branch
from
38ff249
to
5afef8d
Compare
|
@Cromat82 Sorry, I reviewed this during the release window and forgot to merge it later. |
This PR adds a new flag to enable using the default system truststore instead of manually specifying one.
When the flag is provided, the client chooses the appropriate truststore based on the running OS (namely Windows and MacOS) or else loads the default truststore; the specification can be overridden by using the existing truststore type parameter.