...
This setting ideally should be at a pool level, because different pools may need to use different proxies.
To make it as easy as possible for users to extend our proxy implementation logic or implement their own, we will introduce a more general pool setting which ; a custom SocketFactory. This will allow the users to override the creation of client-server sockets with a custom SocketFactory. We will provide an implementation of this SocketFactory that will connect their client to an a SNI proxy.
The way to configure the SNI proxy will therefore look something like this:
...
/** /**
|
...
This is a client side setting , so there should be no backwards compatibility or upgrade concerns.
One concern with this SocketFactory approach is that is including the use of blocking, Java 1.0 sockets in the API. If , in the future we try to upgrade the internals of the client to use SocketChannel or netty or rsocket, we will have a difficult time continuing to support this SocketFactory API and may break users' custom SocketFactory implementations.
...
Geode also added support to set the SNI field in the client hello as part of GEODE-7414. With those changes , a user can provide a SSLParameterExtension callback that can modify any of the SSLParameters , including the SNI server namefield. If a proxy of type SNI is set and the SSLParameterExtension is also set, the SSLParameterExtension will run after geode has set the SNI namefield, and can potential modify it.
...
What are minor adjustments that had to be made to the proposal since it was approved?
References
[1] Description of URL syntax from Wikipedia article on URLs https://en.wikipedia.org/wiki/URL#Syntax
...