[ https://issues.apache.org/jira/browse/CASSANDRA-13404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15955710#comment-15955710 ]
Jason Brown commented on CASSANDRA-13404:
-----------------------------------------

To back up and add a bit more context (for myself, if anything), where do you want to add the additional hostname verification? Can you explain the specific behavior you're looking to add?

The attached patch adds hostname verification on the server-side, where we listen for client connections. Adding hostname verification to the server-side of a TLS connection doesn't make much sense without requiring client auth, correct? Further, this would require the database server to know *all* of the possible peers that would want to connect to it, before the process starts. Please let me know if I'm misunderstanding something here.

Also, I've spoken with the netty developers, and they said netty currently does not support (in either netty 4.0 or 4.1) the ability to perform hostname verification on the server side (either openssl or jdk ssl). Thus, I'm not sure how you verified your patch behaves correctly.

> Hostname verification for client-to-node encryption
> ---------------------------------------------------
>
> Key: CASSANDRA-13404
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13404
> Project: Cassandra
> Issue Type: New Feature
> Reporter: Jan Karlsson
> Assignee: Jan Karlsson
> Fix For: 4.x
>
> Attachments: 13404-trunk.txt
>
>
> Similarly to CASSANDRA-9220, Cassandra should support hostname verification
> for client-node connections.