[CASSANDRA-6847] The binary transport doesn't load truststore file - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Low
Resolution: Fixed
Fix Version/s: 1.2.16, 2.0.7, 2.1 beta2
Component/s: None
Labels:
- ssl

Severity:
Low

Description

org.apache.cassandra.transport.Server.SecurePipelineFactory

this.sslContext = SSLFactory.createSSLContext(encryptionOptions, false);

false there means that truststore file won't be loaded in any case.
And that means that the file will not be used to validate clients when require_client_auth==true, making http://www.datastax.com/documentation/cassandra/2.0/cassandra/security/secureNewTrustedUsers_t.html meaningless.

The only way to workaround that currently is to start C* with -Djavax.net.ssl.trustStore=conf/.truststore

I believe we should load truststore when require_client_auth==true,

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

cassandra-2.0-6847.patch
13/Mar/14 18:29
1 kB
Mikhail Stepura

Issue Links

is related to

CASSANDRA-5031 Add ssl support to binary protocol

Resolved

Activity

People

Assignee:: Mikhail Stepura

Reporter:: Mikhail Stepura

Authors:: Mikhail Stepura

Reviewers:: Sylvain Lebresne

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 12/Mar/14 21:00

Updated:: 16/Apr/19 09:31

Resolved:: 13/Mar/14 20:09