cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sylvain Lebresne (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-6847) The binary transport doesn't load truststore file
Date Thu, 13 Mar 2014 08:22:44 GMT


Sylvain Lebresne commented on CASSANDRA-6847:

bq.  I have no recollection of why we bailed on the trust store for the native protocol.

I suspect that this has to do with the fact that CASSANDRA-5120, which adds the require_client_auth
for client connections, is newer than CASSANDRA-5031.

> The binary transport doesn't load truststore file
> -------------------------------------------------
>                 Key: CASSANDRA-6847
>                 URL:
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Mikhail Stepura
>            Priority: Minor
>              Labels: ssl
> {code:title=org.apache.cassandra.transport.Server.SecurePipelineFactory}
> this.sslContext = SSLFactory.createSSLContext(encryptionOptions, false);
> {code}
> {{false}} there means that {{truststore}} file won't be loaded in any case. 
> And that means that the file will not be used to validate clients when {{require_client_auth==true}},
> The only way to workaround that currently is to start C* with {{}}
> I believe we should load  {{truststore}} when {{require_client_auth==true}},

This message was sent by Atlassian JIRA

View raw message