[CASSANDRA-18034] Adding endpoint verification option to client_encryption_options - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 4.1-rc1, 4.1
Component/s: Messaging/Client
Labels:
None

Change Category:
Semantic
Complexity:
Normal
Platform:

All
Impacts:

None
Source Control Link:

https://github.com/apache/cassandra/commit/36e16ee3c911c710129fcf3a69595038c3dbd385
Test and Documentation Plan:

Hide

Added test cases to validate various scenarios.

https://github.com/apache/cassandra/pull/1995

Show
Added test cases to validate various scenarios. https://github.com/apache/cassandra/pull/1995

Description

Add a new property `client_encryption_options.require_endpoint_verification` in cassandra.yaml to enable endpoint verification on client connections optionally. When this property is set to true, the IP/hostname of the client is verified against the IP/hostname that is present in the SAN of the client certificates. This would help in preventing clients stealing certificates from the hosts and using them while connecting to cassandra.

Attachments

Activity

People

Assignee:: Jyothsna Konisa

Reporter:: Jyothsna Konisa

Authors:: Jyothsna Konisa

Reviewers:: Jon Meredith, Yifan Cai

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 10/Nov/22 18:28

Updated:: 16/Dec/22 21:47

Resolved:: 16/Nov/22 00:07

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m