AlexanderKM opened a new pull request, #17315: URL: https://github.com/apache/pinot/pull/17315
### Context This change moves the [HttpsSegmentFetcher](https://github.com/apache/pinot/blob/master/pinot-common/src/main/java/org/apache/pinot/common/utils/fetcher/HttpsSegmentFetcher.java#L59) to be able to use the renewable SSL context from `TlsUtils`. We found that peer fetching was not working for our setup which is using `TlsUtils` everywhere else for communication with SSL. The `ClientSSLContextGenerator` relies on [old configuration](https://github.com/apache/pinot/blob/master/pinot-common/src/main/java/org/apache/pinot/common/utils/ClientSSLContextGenerator.java#L46-L47) which we do not use anymore, like `client.pkcs12.file` etc. ### Testing I tested this explicitly by deleting a realtime segment in our S3 deep store, and deleting the segment from a server directly (`rm -rf ...`) and then resetting the segment. The server was able to successfully fetch the segment from its online peer. ### Alternatives / Questions 1. An alternative would be to change this without an optional config, but I wanted to keep this backwards compatible. 2. Is there a different config I should be re-using here that already covers this? I see some code paths [checking for tls keystore path](https://github.com/apache/pinot/blob/master/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/BaseServerStarter.java#L636-L638) and others just relying on a null value like here: https://github.com/apache/pinot/blob/master/pinot-common/src/main/java/org/apache/pinot/common/utils/http/HttpClient.java#L106 . In this case, the change could be just `_httpClient = new FileUploadDownloadClient(HttpClientConfig.newBuilder(config).build());` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
