[ https://issues.apache.org/jira/browse/KAFKA-2656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14957933#comment-14957933 ]
ASF GitHub Bot commented on KAFKA-2656:
---------------------------------------
GitHub user rajinisivaram opened a pull request:
https://github.com/apache/kafka/pull/312
KAFKA-2656: Remove hardcoded default key and truststores
Removed default hardcoded keystore and truststore in /tmp so that default
JVM keystore/truststore may be used when keystore/truststore is not specified
in Kafka server or client properties.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/rajinisivaram/kafka KAFKA-2656
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/kafka/pull/312.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #312
----
commit 0544c4dd5d504ec1e8f6dcb31004493912c2c587
Author: Rajini Sivaram
Date: 2015-10-14T22:16:57Z
KAFKA-2656: Remove hardcoded default key and truststores to enable JVM
defaults to be used
----
> Default SSL keystore and truststore config are unusable
> -------------------------------------------------------
>
> Key: KAFKA-2656
> URL: https://issues.apache.org/jira/browse/KAFKA-2656
> Project: Kafka
> Issue Type: Bug
> Reporter: Rajini Sivaram
> Assignee: Rajini Sivaram
> Priority: Critical
> Fix For: 0.9.0.0
>
>
> Default truststore for clients and default key and truststore for Kafka
> server are set to files in /tmp along with simplistic passwords. Since no
> sample stores are packaged with Kafka anyway, there is no value in hardcoded
> paths and passwords as defaults.
> Moreover these defaults prevent the use of standard javax.net.ssl properties.
> And they force truststores to be set in Kafka configuration even when
> certificates are signed by a trusted authority included in the Java cacerts.
> Default keystores and truststores should be replaced with JVM defaults.
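
A configuration check for the problem this issue describes, as an added example that is not part of the original message or of Kafka's code: it flags keystore/truststore paths under shared temp directories and weak store passwords in a Kafka properties file, and notes which stores are left unset. The sample file, the weak-password list and the 8-character threshold are constructed assumptions; the `ssl.*` names are Kafka's SSL configuration keys.

```python
import posixpath

STORE_KEYS = ("ssl.keystore.location", "ssl.truststore.location")
PASSWORD_KEYS = ("ssl.keystore.password", "ssl.truststore.password", "ssl.key.password")
SHARED_DIRS = ("/tmp", "/var/tmp")              # world-writable on typical Unix hosts
WEAK_PASSWORDS = {"password", "changeit", "secret"}  # constructed sample list
MIN_PASSWORD_LEN = 8                            # assumed threshold for this example

# Constructed sample; these are not the defaults Kafka shipped.
SAMPLE = """\
# broker SSL settings
security.protocol=SSL
ssl.keystore.location=/tmp/demo.keystore.jks
ssl.keystore.password=demo123
ssl.key.password=Xq7-long-random-value
"""


def parse_properties(text):
    """Parse simple key=value lines of a .properties file (no line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_ssl_stores(props):
    """Return (key, finding) pairs for risky or unset keystore/truststore settings."""
    findings = []
    for key in STORE_KEYS:
        path = props.get(key)
        if path is None:
            # With the hardcoded defaults removed, an unset store means JVM defaults.
            findings.append((key, "unset: JVM default store applies"))
            continue
        norm = posixpath.normpath(path)  # collapse ../ so /opt/../tmp is still caught
        if any(norm == d or norm.startswith(d + "/") for d in SHARED_DIRS):
            findings.append((key, "store in shared temp directory"))
    for key in PASSWORD_KEYS:
        value = props.get(key)
        if value is not None and (len(value) < MIN_PASSWORD_LEN or value.lower() in WEAK_PASSWORDS):
            findings.append((key, "weak password"))
    return findings
```

Running `audit_ssl_stores(parse_properties(SAMPLE))` reports the `/tmp` keystore, the unset truststore and the short keystore password.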