Details
- Improvement
- Status: Open
- Normal
- Resolution: Unresolved
Description
Cassandra server should be able to do additional certificate validations, such as hostname validation and certificate revocation checking against CRLs and/or using OCSP.
One approach could be to have SSLFactory use SSLContext.getDefault() instead of forcing the creation of a new SSLContext using SSLContext.getInstance(). Using the default SSLContext would allow a user to plug in their own custom SSLSocketFactory via the java.security properties file. The custom SSLSocketFactory could create a default SSLContext that was customized to do any extra validation such as certificate revocation, host name validation, etc.
Attachments
Issue Links
- relates to CASSANDRA-13314 Config file based SSL settings (Resolved)
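
An added example (not Cassandra's SSLFactory code and not from the reporter) of an SSLContext customized with the extra validation the description asks for: revocation checking through the JDK's PKIX revocation checker and hostname validation through endpoint identification. The class name `StrictTlsContext`, its method names and the truststore parameters are hypothetical, and the hostname check is shown for an outbound (client-mode) connection only.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPathBuilder;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509CertSelector;
import java.util.EnumSet;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class, added for illustration.
public final class StrictTlsContext {

    /** Builds an SSLContext whose trust manager checks revocation and fails closed. */
    public static SSLContext build(String trustStorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, password);
        }
        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
        PKIXRevocationChecker rc = (PKIXRevocationChecker) cpb.getRevocationChecker();
        // No options: OCSP preferred, CRL as fallback, every certificate in the chain
        // checked, and no SOFT_FAIL, so an unreachable responder rejects the peer.
        // On OpenJDK, fetching CRLs from distribution points also needs
        // -Dcom.sun.security.enableCRLDP=true.
        rc.setOptions(EnumSet.noneOf(PKIXRevocationChecker.Option.class));

        PKIXBuilderParameters pkix = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        pkix.setRevocationEnabled(true);
        pkix.addCertPathChecker(rc);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkix));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no key managers: trust side only
        return ctx;
    }

    /** Client-mode engine that also verifies the peer certificate matches the host name. */
    public static SSLEngine clientEngine(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS"); // RFC 2818 style name matching
        engine.setSSLParameters(params);
        return engine;
    }
}
```

A context built this way can be installed with `SSLContext.setDefault(...)`, which is what `SSLContext.getDefault()` would then return.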