  1. Cassandra
  2. CASSANDRA-14223

Provide ability to do custom certificate validations (e.g. hostname validation, certificate revocation checks)


Details

    • Improvement
    • Status: Open
    • Normal
    • Resolution: Unresolved
    • 5.x
    • Local/Config

    Description

      Cassandra server should be able to do additional certificate validations, such as hostname validation and certificate revocation checking against CRLs and/or using OCSP.

      One approach could be to have SSLFactory use SSLContext.getDefault() instead of forcing the creation of a new SSLContext using SSLContext.getInstance(). Using the default SSLContext would allow a user to plug in their own custom SSLSocketFactory via the java.security properties file. The custom SSLSocketFactory could create a default SSLContext that was customized to do any extra validation such as certificate revocation, host name validation, etc.
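
The kind of customized context the description refers to, as an added example that is not part of the ticket or of Cassandra's code: standard JSSE calls build an SSLContext whose trust manager checks revocation over OCSP/CRLs, and install it as the JVM default. The class and method names and the truststore path/password arguments are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.EnumSet;
import javax.net.ssl.*;

// Hypothetical helper class; not part of Cassandra.
public final class RevocationCheckingContext {

    // Builds an SSLContext whose trust manager rejects revoked certificates.
    static SSLContext build(KeyStore trustStore, KeyManager[] keyManagers) throws Exception {
        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
        PKIXRevocationChecker checker = (PKIXRevocationChecker) cpb.getRevocationChecker();
        // No options: check the whole chain, try OCSP first, fall back to CRLs,
        // and fail the handshake when revocation status cannot be determined.
        // Option.SOFT_FAIL would trade that strictness for availability.
        checker.setOptions(EnumSet.noneOf(PKIXRevocationChecker.Option.class));

        PKIXBuilderParameters pkix = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        pkix.setRevocationEnabled(true);
        pkix.addCertPathChecker(checker);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkix));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Hostname validation is a per-connection setting: with it, the JSSE trust
    // manager also compares the peer certificate with the peer host name.
    static SSLParameters withHostnameCheck(SSLContext ctx) {
        SSLParameters params = ctx.getDefaultSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        return params;
    }

    // args[0] = truststore path, args[1] = truststore password (assumed inputs).
    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ts.load(in, args[1].toCharArray());
        }
        SSLContext ctx = build(ts, null); // null: no key managers in this demo
        SSLContext.setDefault(ctx);       // returned by SSLContext.getDefault() from now on
        System.out.println(withHostnameCheck(ctx).getEndpointIdentificationAlgorithm());
    }
}
```

The parameters returned by `withHostnameCheck` still have to be applied to each socket or engine with `setSSLParameters`; installing the context as the default does not enable hostname validation by itself.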

      Attachments

        1. dsp.tar.gz
          17 kB
          Per Otterström

            People

              Unassigned Unassigned
              ronblechman Ron Blechman
              Votes: 0
              Watchers: 8
