  1. Cassandra
  2. CASSANDRA-14223

Provide ability to do custom certificate validations (e.g. hostname validation, certificate revocation checks)


    Details

    • Type: Improvement
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Fix Version/s: 4.x
    • Component/s: Local/Config
    • Labels:

      Description

      Cassandra server should be able to do additional certificate validations, such as hostname validation and certificate revocation checking against CRLs and/or using OCSP.

      One approach could be to have SSLFactory use SSLContext.getDefault() instead of forcing the creation of a new SSLContext using SSLContext.getInstance(). Using the default SSLContext would allow a user to plug in their own custom SSLSocketFactory via the java.security properties file. The custom SSLSocketFactory could create a default SSLContext that was customized to do any extra validation such as certificate revocation, host name validation, etc.
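
      An added example, not part of the ticket and not Cassandra code: a JSSE context that enforces the two checks requested above, revocation (OCSP/CRL) in the trust manager and hostname validation on the engine. The class and method names are hypothetical, and registering the context with SSLContext.setDefault() is an assumption about how it would reach code that calls SSLContext.getDefault().

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertPathBuilder;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509CertSelector;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

// Added example; class and method names are hypothetical, not Cassandra code.
public final class RevocationCheckingContext {
    // Context whose trust manager rejects revoked peer certificates.
    static SSLContext build(String trustStorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(in, password);
        }
        // The PKIX revocation checker defaults to OCSP with CRL fallback.
        PKIXRevocationChecker checker = (PKIXRevocationChecker)
                CertPathBuilder.getInstance("PKIX").getRevocationChecker();
        PKIXBuilderParameters pkix = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        pkix.setRevocationEnabled(true);
        pkix.addCertPathChecker(checker);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkix));
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No key managers: this context only validates the peer's certificate.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
    // Hostname validation: the peer certificate must match peerHost.
    static SSLEngine clientEngine(SSLContext ctx, String peerHost, int peerPort) {
        SSLEngine engine = ctx.createSSLEngine(peerHost, peerPort);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }
    public static void main(String[] args) throws Exception {
        // args: <truststore path> <password>; getDefault() now returns this context.
        SSLContext.setDefault(build(args[0], args[1].toCharArray()));
    }
}
```

      With revocation enabled, a handshake fails when neither OCSP nor a CRL can confirm the certificate's status, so responder and CRL availability become part of the deployment.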

        Attachments

        1. dsp.tar.gz
          17 kB
          Per Otterström


              People

              • Assignee:
                Unassigned
                Reporter:
                ronblechman Ron Blechman
              • Votes:
                0
                Watchers:
                7

                Dates

                • Created:
                  Updated: