geode-issues mailing list archives

From "Jared Stewart (JIRA)" <j...@apache.org>
Subject [jira] [Created] (GEODE-3640) Connect with --skip-ssl-validation should not require a Keystore or Truststore
Date Mon, 18 Sep 2017 18:32:00 GMT
Jared Stewart created GEODE-3640:
------------------------------------

             Summary: Connect with --skip-ssl-validation should not require a Keystore or Truststore
                 Key: GEODE-3640
                 URL: https://issues.apache.org/jira/browse/GEODE-3640
             Project: Geode
          Issue Type: Bug
          Components: gfsh, security
            Reporter: Jared Stewart


We are still requiring a Keystore and Truststore to be specified if a user connects via gfsh
with --skip-ssl-validation.  We ought to be able to fall back to the default JVM truststore
in this case since we shouldn't be validating the server's certificate, and thus shouldn't
need a custom Truststore.  And since the gfsh client should not get its identity verified
by the server, it should not require a custom Keystore.  

This is what happens currently if you omit those options: 

{noformat}
gfsh>connect --use-http --url=https://locator-address/gemfire/v1 --user=username --password=******** --skip-ssl-validation
I/O error on GET request for "https://locator-address/gemfire/v1/index": sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
{noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
