Hello, I am looking to connect to an NGINX reverse proxy that serves the Thrift traffic into a HiveServer2. To connect securely, I am required to connect using mTLS, but in the Connection object that is being created, I only see the SSL cert being passed for a regular TLS handshake. I am looking to expand this capability to also send a client cert and key to be validated by the server.
I wanted to ask what is the preferred method of adding this. Adding parameters to the object constructor? I would add "client_cert", "client_key", and "ca_cert" with the boolean option of "mtls_proxy". This would have matching conditions to check if the mtls_proxy variable is to be used, and then add the correct certs to the ssl_context for mTLS.
Or, I could add in a parameter called "ssl_context", default it to none, and any time that an ssl_context is provided by the user the connect object will instead use the custom provided ssl_context, allowing the user to provide and specify the use of mTLS.
Please let me know which is preferred, and if this is a valid solution, thank you.
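Added example, not part of the original issue or the project's code: a sketch in Python of how the two options above could coexist behind one hypothetical helper, `resolve_ssl_context`, using only the standard `ssl` module. The parameter names are taken from the issue; the helper, its error messages, and the rule that a supplied context must still verify the server are assumptions.

```python
import ssl


def resolve_ssl_context(ssl_context=None, ca_cert=None,
                        client_cert=None, client_key=None):
    """Return the SSLContext a connection should use.

    Hypothetical helper: parameter names follow the issue text; the
    function itself is not part of any library.
    """
    if ssl_context is not None:
        # Option 2: the caller owns the TLS policy. Refuse to mix styles,
        # otherwise the path arguments would be silently ignored.
        if any(a is not None for a in (ca_cert, client_cert, client_key)):
            raise ValueError("pass ssl_context or certificate paths, not both")
        # Assumed policy: a custom context may add a client certificate,
        # but it may not switch off server verification.
        if ssl_context.verify_mode != ssl.CERT_REQUIRED:
            raise ValueError("ssl_context must verify the server certificate")
        return ssl_context

    # Option 1: build the context from file paths.
    if client_key is not None and client_cert is None:
        raise ValueError("client_key given without client_cert")
    # cafile=None falls back to the system trust store.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_cert)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert is not None:
        # Presenting this chain is what makes the handshake mutual.
        # keyfile=None is valid when the PEM file also holds the key.
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx
```

With this shape a separate `mtls_proxy` boolean is not needed: supplying `client_cert` is itself the signal that a client certificate should be presented.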