[ 
https://issues.apache.org/jira/browse/CASSANDRA-18124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17699105#comment-17699105
 ] 

Maulin Vasavada edited comment on CASSANDRA-18124 at 3/10/23 8:36 PM:
----------------------------------------------------------------------

Thanks [~brandon.williams] . [~smiklosovic] While modifying the code to allow 
null password configuration for the PEM I am running into a challenge due to 
the default logic to fall back to `keystore_password` configuration in case 
`key_password` configuration (created for the PEM) is null/missing. Due to that 
fallback logic we have to change default for the `keystore_password` also to be 
null (specifically in EncryptionOptions.java). I think we have two options:
 # Drop the fallback logic reading the `keystore_password` in case of PEM keys.
 ## This fallback logic was done primarily to support a use-case for PEM keys 
provided in a file with existing `keystore` configuration in which case it also 
makes sense to continue reading the key password from the 
`keystore_password` configuration.
 # Make `keystore_password` nullable configuration which means removing the 
default value injected by EncryptionOptions.java
 ## I think we can make this nullable since practically operators might not 
have JKS keystores without the passwords except for a missed-configuration 
use-case AND for PEM it makes perfect sense to allow null password for the 
unencrypted keys.
 ## However, since we are changing the default for an older configuration, we 
have to give more thought to its effect on existing systems.

Let me see what 2nd option entails (in terms of tests etc) while you provide 
your thoughts on this.


was (Author: maulin.vasavada):
Thanks [~brandon.williams] . [~smiklosovic] While modifying the code to allow 
null password configuration for the PEM I am running into a challenge due to 
the default logic to fall back to `keystore_password` configuration in case 
`key_password` configuration (created for the PEM) is null/missing. Due to that 
fallback logic we have to change default for the `keystore_password` also to be 
null (specifically in EncryptionOptions.java). I think we have two options:
 # Drop the fallback logic reading the `keystore_password` in case of PEM keys.
 ## This fallback logic was done primarily to support a use-case for PEM keys 
provided in a file with existing `keystore` configuration in which case it also 
makes sense to continue reading the key password from the 
`keystore_password` configuration.
 # Make `keystore_password` nullable configuration which means removing the 
default value injected by EncryptionOptions.java
 ## I think we can make this nullable since practically operators might not 
have JKS keystores with the passwords except for a missed-configuration 
use-case AND for PEM it makes perfect sense to allow null password for the 
unencrypted keys.
 ## However, since we are changing the default for an older configuration, we 
have to give more thought to its effect on existing systems.

Let me see what 2nd option entails (in terms of tests etc) while you provide 
your thoughts on this.

> Config parameter keystore_password should be nullable
> -----------------------------------------------------
>
>                 Key: CASSANDRA-18124
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18124
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Local/Config
>            Reporter: Tibor Repasi
>            Assignee: Maulin Vasavada
>            Priority: Normal
>             Fix For: 4.1.x, 5.x
>
>
> Some SSL configuration may pass unencrypted private keys. PEMReader might 
> accept that by assuming keyPassword to be null in that case (e.g. 
> https://github.com/apache/cassandra/blob/f9e033f519c14596da4dc954875756a69aea4e78/src/java/org/apache/cassandra/security/PEMReader.java#L103).
> Current configuration reader does not accept keystore_password parameter to 
> be set null or empty in the cassandra.yaml.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
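
The fallback discussed in the comment above, modelled as an added example (not Cassandra's code and not part of the original message): it compares the key password that results under the described current behaviour and under each of the two options. All class, method and constant names are hypothetical, and `INJECTED_DEFAULT` is a placeholder for the default that the comment says EncryptionOptions.java injects.

```java
// Added model of the password resolution described in the comment.
// NOT Cassandra code: every name below is hypothetical.
public class KeyPasswordResolution {
    // Placeholder for the default value injected for keystore_password.
    static final String INJECTED_DEFAULT = "<injected-default>";

    // Current behaviour as described: keystore_password is never null because
    // a default is injected, and a missing key_password falls back to it.
    static String current(String keyPassword, String keystorePassword) {
        String ks = keystorePassword != null ? keystorePassword : INJECTED_DEFAULT;
        return keyPassword != null ? keyPassword : ks;
    }

    // Option 1: no fallback for PEM keys; only key_password is consulted.
    static String option1(String keyPassword, String keystorePassword) {
        return keyPassword;
    }

    // Option 2: keep the fallback, but keystore_password has no injected
    // default, so it can stay null.
    static String option2(String keyPassword, String keystorePassword) {
        return keyPassword != null ? keyPassword : keystorePassword;
    }

    static void row(String scenario, String key, String ks) {
        System.out.printf("%-46s current=%-20s option1=%-6s option2=%s%n",
                          scenario, current(key, ks), option1(key, ks), option2(key, ks));
    }

    public static void main(String[] args) {
        // Constructed scenarios. A null result means the PEM key is read as
        // unencrypted, which is the case the issue wants to allow.
        row("unencrypted PEM, no passwords configured", null, null);
        row("encrypted PEM, key_password set", "k3y", null);
        row("encrypted PEM in file, keystore_password set", null, "st0re");
    }
}
```

In the first row only the current behaviour yields a non-null password for an unencrypted key; in the third row option 1 loses the password that the existing `keystore_password` use-case relies on, while option 2 keeps it.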
