Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-14991

SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it

    Details

    • Severity:
      Normal

      Description

      SSL Cert Hot Reloading assumes that the keystore & truststore are valid. However, a corrupt store or a password mismatch can cause Cassandra to fail accepting new connections as we throw away the old SslContext. This patch will ensure that we check the sanity of the certificates during startup and during hot reloading. This should protect against bad key/trust stores. As part of this PR, I have cleaned up the code a bit.

        Attachments

          Activity

            People

            • Assignee:
              djoshi3 Dinesh Joshi
              Reporter:
              djoshi3 Dinesh Joshi
              Authors:
              Dinesh Joshi
              Reviewers:
              Ariel Weisberg
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: