[
https://issues.apache.org/jira/browse/CASSANDRA-7528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14057683#comment-14057683
]
Brandon Williams commented on CASSANDRA-7528:
---------------------------------------------
AFAICT, you must cast it anyway to get to getNotAfter, so there's slight
savings to be had with the check.
> certificate not validated for internode SSL encryption.
> -------------------------------------------------------
>
> Key: CASSANDRA-7528
> URL: https://issues.apache.org/jira/browse/CASSANDRA-7528
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Environment: Amazon Linux on various AWS EC2 instance types.
> Reporter: Joseph Clark
> Assignee: Brandon Williams
> Fix For: 2.0.10, 2.1.0
>
> Attachments: 7528.txt
>
>
> An expired certificate may be used to encrypt internode communication.
> To reproduce, set the server_encryption_options to enable internode
> encryption. Add the private key to the specified .keystore, and an expired
> certificate generated using the private key to the specified truststore. The
> same keys are used far all cassandra nodes in the cluster.
> When cassandra is started, it is able to communicate with other cassandra
> nodes even though the certificate is expired.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
