Uploaded image for project: 'Jackrabbit Oak'
  1. Jackrabbit Oak
  2. OAK-9589

Backport OAK-9451 to oak-1.8

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Major
    • Resolution: Invalid
    • None
    • None
    • segment-tar

    Description

      The cold standby is able to do SSL connections to the primary, but currently only using on-the-fly generated certificates. This means that data is transferred over an encrypted connection but there is no protection against a man in the middle yet.

      With this issue we want to:

      • make server and client certificates configurable
      • optionally validate the client certificate
      • optionally only allow matching subjects in client and server certificates

      This has been fixed in trunk and 1.22 branches, need to backport it to 1.8.

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. OAK-9677 Standby mode not working anymore in Oak 1.8.25

          • Major - Major loss of function.
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. OAK-9451 Cold Standby SSL certificates should be configurable

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #384

          Activity

            People

              Unassigned Unassigned
              kunal3112 Kunal Shubham
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: