Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • Runtime / Coordination

    Description

      See Dangerous Code and further commentary for useful background.

      When hostname verification is performed, it should use the hostname (not IP address) to match the certificate. The current code is wrongly using the address.

      In technical terms, ensure that calls to `SSLContext::createSSLEngine` supply the expected hostname, not host address.

      Please audit all SSL setup code as to whether hostname verification is enabled, and file follow-ups where necessary. For example, Akka 2.4 supports it but 2.3 doesn't (ref).
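
The call the description asks for, shown as an added example that is not code from the project. The class name, sample hostname and port are constructed for illustration; setting the endpoint identification algorithm to `HTTPS` is the standard JSSE way to turn on hostname verification for an `SSLEngine`.

```java
import java.net.InetSocketAddress;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Hypothetical class name, used only for this example.
public class HostnameVerifyingEngine {

    /** Builds a client-mode engine whose expected peer identity is the hostname. */
    static SSLEngine clientEngine(SSLContext ctx, InetSocketAddress remote) {
        // getHostString() returns the hostname the address was created with
        // (or the literal, if it was created from one) without a reverse DNS
        // lookup. getAddress().getHostAddress() would return the IP literal,
        // which a certificate issued for a DNS name will not match.
        String peerHost = remote.getHostString();

        SSLEngine engine = ctx.createSSLEngine(peerHost, remote.getPort());
        engine.setUseClientMode(true);

        // Without an endpoint identification algorithm, JSSE validates the
        // certificate chain but never compares the certificate to peerHost.
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample endpoint; createUnresolved keeps the example offline.
        InetSocketAddress remote =
                InetSocketAddress.createUnresolved("jobmanager.example.internal", 8443);

        SSLEngine engine = clientEngine(SSLContext.getDefault(), remote);
        System.out.println("peer host used for verification: " + engine.getPeerHost());
        System.out.println("endpoint identification: "
                + engine.getSSLParameters().getEndpointIdentificationAlgorithm());
    }
}
```

When auditing, look for `createSSLEngine()` called with no arguments or with an address string, and for engines whose `SSLParameters` never receive an endpoint identification algorithm.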

            People

              eronwright Eron Wright