geode-issues mailing list archives

From "Darrel Schneider (JIRA)" <>
Subject [jira] [Created] (GEODE-396) One way SSL authentication between client and server fails
Date Tue, 13 Oct 2015 00:17:05 GMT
Darrel Schneider created GEODE-396:

             Summary: One way SSL authentication between client and server fails
                 Key: GEODE-396
             Project: Geode
          Issue Type: Bug
          Components: core
            Reporter: Darrel Schneider
            Assignee: Darrel Schneider

If the {{{server-ssl-require-authentication}}} property is configured like below so that clients
aren't required to be SSL-authenticated by the server:

On client: {{{server-ssl-require-authentication=true}}}
On server: {{{server-ssl-require-authentication=false}}}

Then, this exception occurs on the server:
[severe 2015/10/05 13:31:23.465 PDT server1 <Cache Server Acceptor local port: 63520> tid=0x40] SSL Error in authenticating peer /[63,528]. peer not authenticated
	at com.gemstone.gemfire.internal.SocketCreator.configureServerSSLSocket(
	at com.gemstone.gemfire.internal.cache.tier.sockets.AcceptorImpl.accept(

This happens because the {{{AcceptorImpl accept}}} method uses the default {{{SocketCreator}}},
not a {{{SocketCreator}}} configured with the {{{server-ssl-*}}} properties. The default {{{SocketCreator}}}
is configured using the {{{cluster-ssl-*}}} properties, not the {{{server-ssl-*}}} properties.

The attached test reproduces this issue, and the attached patch is a potential fix for it.

Also, if {{{server-ssl-enabled=true}}}, the {{{AcceptorImpl}}} constructor logs the message
below. It should not be doing this since the value of properties can contain
sensitive data.
[info 2015/10/05 11:53:16.930 PDT server1 <main> tid=0x1] Starting CacheServer with SSL config : Authentication Required true Ciphers any Protocols any Other Properties -- listing properties --

This message was sent by Atlassian JIRA
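
One way to keep property values out of the startup message described in the report, as an added example that is not Geode's code or the attached patch. The class and method names are hypothetical, and the property keys beyond {{{server-ssl-require-authentication}}} and {{{server-ssl-enabled}}} are assumed to follow the {{{server-ssl-*}}} naming; the sample values are constructed.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import java.util.TreeMap;

public class SslConfigLogging {
  // Assumption: only these keys carry values that are safe to print in full.
  // Anything not listed (passwords, keystore paths, javax.net.ssl.* overrides)
  // is masked, so a newly introduced property is hidden by default.
  private static final Set<String> SAFE_KEYS = new HashSet<>(Arrays.asList(
      "server-ssl-enabled",
      "server-ssl-require-authentication",
      "server-ssl-ciphers",
      "server-ssl-protocols"));

  /** Renders SSL properties for a log line, masking every value not on the allowlist. */
  static String describe(Properties props) {
    TreeMap<String, String> sorted = new TreeMap<>(); // stable key order in the log
    for (String key : props.stringPropertyNames()) {
      String value = props.getProperty(key);
      sorted.put(key, SAFE_KEYS.contains(key) ? value : mask(value));
    }
    return sorted.toString();
  }

  // Fixed-width mask: reveals whether a value is set, but not its content or length.
  private static String mask(String value) {
    return (value == null || value.isEmpty()) ? "<empty>" : "********";
  }

  public static void main(String[] args) {
    Properties p = new Properties(); // constructed sample configuration
    p.setProperty("server-ssl-enabled", "true");
    p.setProperty("server-ssl-require-authentication", "false");
    p.setProperty("server-ssl-keystore", "/path/to/keystore.jks");
    p.setProperty("server-ssl-keystore-password", "example-only");
    p.setProperty("javax.net.ssl.trustStorePassword", "example-only");
    System.out.println("Starting CacheServer with SSL config : " + describe(p));
  }
}
```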
