[jira] [Updated] (CASSANDRA-6847) The binary transport doesn't load truststore file

Mikhail Stepura (JIRA) Wed, 12 Mar 2014 14:03:13 -0700

     [ 
https://issues.apache.org/jira/browse/CASSANDRA-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Mikhail Stepura updated CASSANDRA-6847:
---------------------------------------

    Description: 
{code:title=org.apache.cassandra.transport.Server.SecurePipelineFactory}
this.sslContext = SSLFactory.createSSLContext(encryptionOptions, false);
{code}

{false} there means that {{truststore}} file won't be loaded in any case. 
And that means that the file will not be used to validate clients when 
{{require_client_auth==true}}, making 
http://www.datastax.com/documentation/cassandra/2.0/cassandra/security/secureNewTrustedUsers_t.html
 meaningless.

The only way to workaround that currently is to start C* with 
{{-Djavax.net.ssl.trustStore=conf/.truststore}}

I believe we should load  {{truststore}} when {{require_client_auth==true}},


  was:
{code:title=org.apache.cassandra.transport.Server.SecurePipelineFactory}
this.sslContext = SSLFactory.createSSLContext(encryptionOptions, false);
{code}

{false} there means that {{truststore}} file won't be loaded in any case. 
And that means that the file will not be used to validate clients when 
{{require_client_auth==true}}, making 
http://www.datastax.com/documentation/cassandra/2.0/cassandra/security/secureNewTrustedUsers_t.html
 meaningless.

The only way to workaround that currently is to start C* with 
{{-Djavax.net.ssl.trustStore=conf/.truststore}}




> The binary transport doesn't load truststore file
> -------------------------------------------------
>
>                 Key: CASSANDRA-6847
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-6847
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Mikhail Stepura
>            Priority: Minor
>              Labels: ssl
>
> {code:title=org.apache.cassandra.transport.Server.SecurePipelineFactory}
> this.sslContext = SSLFactory.createSSLContext(encryptionOptions, false);
> {code}
> {false} there means that {{truststore}} file won't be loaded in any case. 
> And that means that the file will not be used to validate clients when 
> {{require_client_auth==true}}, making 
> http://www.datastax.com/documentation/cassandra/2.0/cassandra/security/secureNewTrustedUsers_t.html
>  meaningless.
> The only way to workaround that currently is to start C* with 
> {{-Djavax.net.ssl.trustStore=conf/.truststore}}
> I believe we should load  {{truststore}} when {{require_client_auth==true}},



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (CASSANDRA-6847) The binary transport doesn't load truststore file

Reply via email to