[CASSANDRA-19669] Audit Log entries are missing identity for mTLS connections - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 5.1
Component/s: Local/Config
Labels:
None

Bug Category:
Correctness - Recoverable Corruption / Loss
Severity:
Normal
Complexity:
Normal
Discovered By:
Adhoc Test
Platform:

All
Impacts:

None
Since Version:

NA
Source Control Link:

https://github.com/apache/cassandra/commit/bb68141861e77623f0d0b13f72846651a71c1017
Test and Documentation Plan:

Hide

Added tests covering the identity in the audit log entry and code fixes

Show
Added tests covering the identity in the audit log entry and code fixes

Description

Audit log entries are missing the IDENTITY when an mTLS connection is established. Currently, the client state is captured as part of the audit log entries, however the additional metadata for the authenticated user does not get propagated to the entry. For the mTLS connections, this means that the identity information is not included to the log entry details.

Additionally, when a TLS connection is terminated during handshake (say a client is using an expired certificate) the error is not propagated to the audit log failure attempts.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

ci_summary-2.html
10/Jun/24 21:36
172 kB
Francisco Guerrero
ci_summary-1.html
10/Jun/24 18:36
237 kB
Francisco Guerrero
ci_summary.html
10/Jun/24 18:35
237 kB
Francisco Guerrero

Issue Links

links to

GitHub Pull Request #3340

Activity

People

Assignee:: Francisco Guerrero

Reporter:: Francisco Guerrero

Authors:: Francisco Guerrero

Reviewers:: Bernardo Botella, Francisco Guerrero

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 29/May/24 21:11

Updated:: 10/Jun/24 21:37

Resolved:: 10/Jun/24 21:37

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

3h 20m