cassandra-commits mailing list archives

From Per Otterström (JIRA) <j...@apache.org>
Subject [jira] [Updated] (CASSANDRA-13404) Hostname verification for client-to-node encryption
Date Thu, 05 Oct 2017 12:35:02 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-13404?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Per Otterström updated CASSANDRA-13404:
---------------------------------------
    Attachment: 13404-trunk-v2.patch

I've made an attempt based on the plug-in approach.

I have performed some basic tests on the client-server and server-server connections with
and without SSL, with successful results. More scenarios must be covered, but I would
like some feedback on this first.

In short:
- A new ISecureChannelInitializer interface is created.
- Existing setup of SSL connection in Server class is moved into SecureClientChannelInitializer
- Existing setup of SSL connections in NettyFactory class is moved into SecureServerChannelInitializer
- Existing configuration options are supported as is
- Custom implementations have the option to use custom parameters based on the ParameterizedClass

A reflection of my own:
- In this patch set I'm using the same plug-in interface for client-server and server-server
initializers. Perhaps it would be more clean to have separate interfaces for them even though
they are very similar. For instance, dedicated interfaces would allow us to pass in client
specific encryption options and server specific encryption options.



> Hostname verification for client-to-node encryption
> ---------------------------------------------------
>
>                 Key: CASSANDRA-13404
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13404
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Jan Karlsson
>            Assignee: Per Otterström
>             Fix For: 4.x
>
>         Attachments: 13404-trunk.txt, 13404-trunk-v2.patch
>
>
> Similarly to CASSANDRA-9220, Cassandra should support hostname verification for client-node
> connections.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
