Matthias Brandt created CASSANDRA-10970:
-------------------------------------------
Summary: SSL/TLS: Certificate Domain is ignored
Key: CASSANDRA-10970
URL: https://issues.apache.org/jira/browse/CASSANDRA-10970
Project: Cassandra
Issue Type: Bug
Reporter: Matthias Brandt
I've set up server_encryption_options as well as client_encryption_options. In
both settings, I use the same keystore with a wildcard SSL certificate in it.
It is signed by our own CA, whose root certificate is in the configured
truststore:
{code}
server_encryption_options:
    internode_encryption: all
    keystore: /etc/cassandra/conf/wildcard-cert.keystore
    keystore_password: ""
    truststore: /etc/cassandra/conf/hpo-cacerts
    truststore_password: changeit
    require_client_auth: true
client_encryption_options:
    enabled: true
    keystore: /etc/cassandra/conf/wildcard-cert.keystore
    keystore_password: ""
    require_client_auth: false
{code}
The certificate's subject is:
{code}CN=*.my.domain.com,OU=my unit,O=my org{code}
When I deploy this setting on a server whose domain is
node1.my.*other-domain*.com, a connection via cqlsh wrongly works. Additionally,
the inter-node connection between other nodes in this wrong domain also works.
I would expect that the connection would fail with a meaningful error message.
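
The host name check the report expects, written out as an added example (not part of the original report and not Cassandra's or cqlsh's code): a peer's host name is compared against the certificate's DNS names, with a wildcard covering exactly one left-most label. The function names are hypothetical, and treating the subject CN from the report as a DNS name is an assumption.

```python
# Added example: RFC 6125-style DNS name check, using the names from the report.

def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def hostname_matches(pattern, hostname):
    """Return True if a certificate DNS name covers the given hostname.

    A '*' is accepted only as the complete left-most label and stands for
    exactly one label; every other label must match exactly.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if "*" in "".join(p[1:]):
        return False  # wildcard outside the left-most label
    if p[0] == "*":
        # Require at least two fixed labels so '*.com' is never honoured.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards such as 'node*' are rejected here
    return p == h


def check_peer(cert_dns_names, hostname):
    """Raise ValueError with a readable message when no name matches."""
    if any(hostname_matches(n, hostname) for n in cert_dns_names):
        return True
    raise ValueError(
        "hostname %r does not match certificate names %r"
        % (hostname, list(cert_dns_names))
    )


# Constructed inputs based on the subject and host name in the report.
CERT_NAMES = ["*.my.domain.com"]

if __name__ == "__main__":
    for host in ("node1.my.domain.com", "node1.my.other-domain.com"):
        try:
            check_peer(CERT_NAMES, host)
            print(host, "-> accepted")
        except ValueError as exc:
            print(host, "-> rejected:", exc)
```

With this check in place, the host in the other domain is rejected with an error that names both the host and the certificate's names.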