[CASSANDRA-18124] Config parameter keystore_password should be nullable - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 4.1.2, 5.0-alpha1, 5.0
Component/s: Local/Config
Labels:
None

Bug Category:
Correctness
Severity:
Normal
Complexity:
Normal
Discovered By:
User Report
Platform:

All
Impacts:

None
Since Version:

4.0.0
Source Control Link:

https://github.com/apache/cassandra/commit/bd49f6ff265c8bfa64bf140328ae6736dc4a87bd
Test and Documentation Plan:

Hide

CI

Show
CI

Description

Some SSL configuration may pass unencrypted private keys. PEMReader might accept that by assuming keyPassword to be null in that case (e.g. https://github.com/apache/cassandra/blob/f9e033f519c14596da4dc954875756a69aea4e78/src/java/org/apache/cassandra/security/PEMReader.java#L103).

Current configuration reader does not accept keystore_password parameter to be set null or empty in the cassandra.yaml.

Attachments

Issue Links

relates to

CASSANDRA-17031 Add support for PEM based key material for SSL

Resolved

links to

GitHub Pull Request #2253

GitHub Pull Request #2268

GitHub Pull Request #2273

Activity

People

Assignee:: Maulin Vasavada

Reporter:: Tibor Repasi

Authors:: Maulin Vasavada

Reviewers:: Caleb Rackliffe, Stefan Miklosovic

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 16/Dec/22 15:09

Updated:: 12/Sep/23 13:03

Resolved:: 17/Apr/23 09:14

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

11h 10m