cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksey Yeschenko (JIRA)" <j...@apache.org>
Subject [jira] [Reopened] (CASSANDRA-5120) Add support for SSL sockets to use client certificate authentication.
Date Mon, 25 Feb 2013 14:36:12 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-5120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Aleksey Yeschenko reopened CASSANDRA-5120:
------------------------------------------


I've got a feeling that this doesn't actually work.

{noformat}
                final ClientEncryptionOptions clientEnc = DatabaseDescriptor.getClientEncryptionOptions();
                if (clientEnc.enabled)
                {
                    logger.info("enabling encrypted thrift connections between client and
server");
                    TSSLTransportParameters params = new TSSLTransportParameters(clientEnc.protocol,
clientEnc.cipher_suites);
                    params.setKeyStore(clientEnc.keystore, clientEnc.keystore_password);
                    params.requireClientAuth(clientEnc.require_client_auth);
                    TServerSocket sslServer = TSSLTransportFactory.getServerSocket(addr.getPort(),
0, addr.getAddress(), params);
                    serverTransport = new TCustomServerSocket(sslServer.getServerSocket(),
args.keepAlive, args.sendBufferSize, args.recvBufferSize);
                }
                else
                {
                    serverTransport = new TCustomServerSocket(addr, args.keepAlive, args.sendBufferSize,
args.recvBufferSize);
                }
{noformat}

At no point do we call setTrustStore(). Does requireClientAuth(true) even make any sense without
a truststore?
                
> Add support for SSL sockets to use client certificate authentication.
> ---------------------------------------------------------------------
>
>                 Key: CASSANDRA-5120
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-5120
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 1.2.0
>            Reporter: Steven Franklin
>            Assignee: Steven Franklin
>            Priority: Minor
>             Fix For: 1.2.1
>
>         Attachments: trunk-5120.txt
>
>
> Add an option to EncryptionOptions to require client certication authentication.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message