cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeremiah Jordan (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CASSANDRA-11532) CqlConfigHelper requires both truststore and keystore to work with SSL encryption
Date Fri, 08 Apr 2016 16:12:25 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-11532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15232404#comment-15232404
] 

Jeremiah Jordan edited comment on CASSANDRA-11532 at 4/8/16 4:12 PM:
---------------------------------------------------------------------

+1 Started CI

||2.2||3.0||trunk||
|[branch|https://github.com/JeremiahDJordan/cassandra/tree/CASSANDRA-11532-22]|[branch|https://github.com/JeremiahDJordan/cassandra/tree/CASSANDRA-11532-30]|[branch|https://github.com/JeremiahDJordan/cassandra/tree/CASSANDRA-11532-trunk]|
|[testall|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-22-testall/]|[testall|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-30-testall/]|[testall|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-trunk-testall/]|
|[dtest|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-22-dtest/]|[dtest|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-22-dtest/]|[dtest|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-22-dtest/]|

The 2.2 branch merges forward cleanly.


was (Author: jjordan):
+1 Started CI

||2.2||3.0||trunk||
|[branch|https://github.com/JeremiahDJordan/cassandra/tree/CASSANDRA-11532-22]|[branch|https://github.com/JeremiahDJordan/cassandra/tree/CASSANDRA-11532-30]|[branch|https://github.com/JeremiahDJordan/cassandra/tree/CASSANDRA-11532-trunk]|
|[testall|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-22-testall/]|[testall|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-30-testall/]|[testall|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-trunk-testall/]|
|[dtest|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-22-dtest/]|[dtest|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-22-dtest/]|[dtest|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-22-dtest/]|

> CqlConfigHelper requires both truststore and keystore to work with SSL encryption
> ---------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-11532
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11532
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Jacek Lewandowski
>            Assignee: Jacek Lewandowski
>         Attachments: CASSANDRA_11532.patch
>
>
> {{CqlConfigHelper}} configures SSL in the following way:
> {code:java}
>     public static Optional<SSLOptions> getSSLOptions(Configuration conf)
>     {
>         Optional<String> truststorePath = getInputNativeSSLTruststorePath(conf);
>         Optional<String> keystorePath = getInputNativeSSLKeystorePath(conf);
>         Optional<String> truststorePassword = getInputNativeSSLTruststorePassword(conf);
>         Optional<String> keystorePassword = getInputNativeSSLKeystorePassword(conf);
>         Optional<String> cipherSuites = getInputNativeSSLCipherSuites(conf);
>         
>         if (truststorePath.isPresent() && keystorePath.isPresent() &&
truststorePassword.isPresent() && keystorePassword.isPresent())
>         {
>             SSLContext context;
>             try
>             {
>                 context = getSSLContext(truststorePath.get(), truststorePassword.get(),
keystorePath.get(), keystorePassword.get());
>             }
>             catch (UnrecoverableKeyException | KeyManagementException |
>                     NoSuchAlgorithmException | KeyStoreException | CertificateException
| IOException e)
>             {
>                 throw new RuntimeException(e);
>             }
>             String[] css = null;
>             if (cipherSuites.isPresent())
>                 css = cipherSuites.get().split(",");
>             return Optional.of(JdkSSLOptions.builder()
>                                             .withSSLContext(context)
>                                             .withCipherSuites(css)
>                                             .build());
>         }
>         return Optional.absent();
>     }
> {code}
> which forces you to connect only to trusted nodes and client authentication. This should
be made more flexible so that at least client authentication is optional. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message