kay-owolabi opened a new pull request, #12194: URL: https://github.com/apache/pinot/pull/12194
## Summary This pull request introduces improvements to the SSL context handling in `JsonAsyncHttpPinotClientTransport` and `PinotControllerTransport` within Apache Pinot. The primary goal is to address the issue of SSL handshake failures during dynamic certificate rotation, as discussed in [#12100](https://github.com/apache/pinot/issues/12100). ## Changes - **Dynamic SSL Context**: Implemented a mechanism to dynamically set and refresh the `SSLContext` based on `TlsConfig`. This change ensures that the SSL context is correctly updated in scenarios where the client certificate or TLS configuration changes. - **Deprecated Constructor Replacement**: Replaced the deprecated usage of `JdkSslContext` in `AsyncHttpClient` with `TlsUtils.buildClientContext(tlsConfig)`, enhancing the SSL context construction to be more adaptable to changes. ## Testing and Validation - Conducted thorough testing to simulate certificate rotations and validate the successful completion of SSL/TLS handshakes with the updated certificates. - Ensured that the new SSL context handling mechanism is consistent with the existing functionalities and does not introduce regressions. ## Impact and Benefits - **Resolves Handshake Failures**: This fix directly addresses the handshake failures in long-running JDBC clients post-certificate rotation, enhancing the stability and reliability of SSL/TLS connections. - **Future-Proofing**: The changes lay the groundwork for more dynamic and robust SSL/TLS configuration management within Apache Pinot, accommodating evolving security requirements. I welcome any feedback or suggestions on these changes and look forward to your reviews. Thank you for considering this contribution to Apache Pinot. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For additional commands, e-mail: commits-h...@pinot.apache.org
