jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrei Dulceanu (Jira)" <j...@apache.org>
Subject [jira] [Commented] (OAK-9451) Cold Standby SSL certificates should be configurable
Date Fri, 04 Jun 2021 15:50:00 GMT

    [ https://issues.apache.org/jira/browse/OAK-9451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17357454#comment-17357454

Andrei Dulceanu commented on OAK-9451:

[~ahanikel], I applied your patch with slight changes regarding some if checks for deciding
if the connection is secure or not (removed them from {{StandbyServerSync and StandbyStoreService}}).
Very nicely done, thanks for the contribution!

Fixed in trunk at r1890468.

> Cold Standby SSL certificates should be configurable
> ----------------------------------------------------
>                 Key: OAK-9451
>                 URL: https://issues.apache.org/jira/browse/OAK-9451
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: segment-tar
>            Reporter: Axel Hanikel
>            Assignee: Andrei Dulceanu
>            Priority: Major
>              Labels: cold-standby
>         Attachments: OAK-9451.patch.txt
> The cold standby is able to do SSL connections to the primary, but currently only using
on-the-fly generated certificates. This means that data is transferred over an encrypted connection
but there is no protection against a man in the middle yet.
> With this issue we want to:
> * make server and client certificates configurable
> * optionally validate the client certificate
> * optionally only allow matching subjects in client and server certificates 

This message was sent by Atlassian Jira

View raw message