Return-Path: 
 <issues-return-14140-apmail-ignite-issues-archive=ignite.apache.org@ignite.apache.org>
X-Original-To: apmail-ignite-issues-archive@minotaur.apache.org
Delivered-To: apmail-ignite-issues-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 0A2ED184CD
	for <apmail-ignite-issues-archive@minotaur.apache.org>;
 Thu, 28 Jan 2016 11:16:39 +0000 (UTC)
Received: (qmail 6782 invoked by uid 500); 28 Jan 2016 11:15:40 -0000
Delivered-To: apmail-ignite-issues-archive@ignite.apache.org
Received: (qmail 6620 invoked by uid 500); 28 Jan 2016 11:15:40 -0000
Mailing-List: contact issues-help@ignite.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@ignite.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@ignite.apache.org>
List-Post: <mailto:issues@ignite.apache.org>
List-Id: <issues.ignite.apache.org>
Reply-To: dev@ignite.apache.org
Delivered-To: mailing list issues@ignite.apache.org
Received: (qmail 6605 invoked by uid 99); 28 Jan 2016 11:15:40 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Jan 2016 11:15:40 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id F3F5E2C1F57
	for <issues@ignite.apache.org>; Thu, 28 Jan 2016 11:15:39 +0000 (UTC)
Date: Thu, 28 Jan 2016 11:15:39 +0000 (UTC)
From: "Nikolay Tikhonov (JIRA)" <jira@apache.org>
To: issues@ignite.apache.org
Message-ID: <JIRA.12927990.1452077997000.236040.1453979739996@Atlassian.JIRA>
In-Reply-To: <JIRA.12927990.1452077997000@Atlassian.JIRA>
References: <JIRA.12927990.1452077997000@Atlassian.JIRA>
 <JIRA.12927990.1452077997927@arcas>
Subject: [jira] [Commented] (IGNITE-2337) SSL & TLS use distinguished name
 of the certificate (DN)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/IGNITE-2337?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15121241#comment-15121241 ] 

Nikolay Tikhonov commented on IGNITE-2337:
------------------------------------------

I'm not sure that this parameter should be added in SslContextFactory. For checking certificates can be used trust manager from file store (see trustStoreFilePath and trustStorePassword properties) or implement your own. For example implement X509TrustManager has access to issuer DN. 

> SSL & TLS use distinguished name of the certificate (DN)
> --------------------------------------------------------
>
>                 Key: IGNITE-2337
>                 URL: https://issues.apache.org/jira/browse/IGNITE-2337
>             Project: Ignite
>          Issue Type: New Feature
>          Components: 1.4
>            Reporter: Andrey Kartashov
>              Labels: community, newbie
>             Fix For: 1.6
>
>
> Can you add the use of SSLPEERNAME for SslContextFactory parameter to check distinguished name of the certificate. It is necessary to use certificates signed by the certification authority. To get rid of certificate exchange.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)