From: "Andrei Dulceanu (Jira)"
To: oak-issues@jackrabbit.apache.org
Date: Fri, 4 Jun 2021 15:50:00 +0000 (UTC)
Subject: [jira] [Commented] (OAK-9451) Cold Standby SSL certificates should be configurable

    [ https://issues.apache.org/jira/browse/OAK-9451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17357454#comment-17357454 ]

Andrei Dulceanu commented on OAK-9451:
--------------------------------------

[~ahanikel], I applied your patch with slight changes regarding some if checks for deciding if the connection is secure or not (removed them from {{StandbyServerSync and StandbyStoreService}}). Very nicely done, thanks for the contribution!

Fixed in trunk at r1890468.

> Cold Standby SSL certificates should be configurable
> ----------------------------------------------------
>
>                 Key: OAK-9451
>                 URL: https://issues.apache.org/jira/browse/OAK-9451
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: segment-tar
>            Reporter: Axel Hanikel
>            Assignee: Andrei Dulceanu
>            Priority: Major
>              Labels: cold-standby
>         Attachments: OAK-9451.patch.txt
>
>
> The cold standby is able to do SSL connections to the primary, but currently only using on-the-fly generated certificates. This means that data is transferred over an encrypted connection but there is no protection against a man in the middle yet.
> With this issue we want to:
> * make server and client certificates configurable
> * optionally validate the client certificate
> * optionally only allow matching subjects in client and server certificates

--
This message was sent by Atlassian Jira (v8.3.4#803005)
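Added example, not part of the original message and not the Oak patch: the three goals listed in the issue (configurable certificates, optional client validation, optional subject matching), sketched with Python's ssl module standing in for the project's Java code. The function names, the sample certificate and the patterns are assumptions constructed for illustration.

```python
import re
import ssl

# Constructed sample in the shape SSLSocket.getpeercert() returns for a
# certificate that passed chain validation (not taken from a real system).
SAMPLE_PEERCERT = {
    "subject": (
        (("organizationName", "Example Org"),),
        (("commonName", "standby.example.test"),),
    ),
}

def subject_dn(peercert):
    """Flatten the 'subject' RDN tuples into 'key=value,key=value'."""
    rdns = peercert.get("subject", ())
    return ",".join(f"{key}={value}" for rdn in rdns for key, value in rdn)

def peer_allowed(peercert, subject_pattern):
    """Apply the optional subject restriction to a peer certificate."""
    if subject_pattern is None:
        return True  # no subject restriction configured
    # getpeercert() gives None when the peer sent no certificate and {} when
    # the certificate was not validated. A subject read from an unvalidated
    # certificate proves nothing, so both cases fail the check.
    if not peercert:
        return False
    # fullmatch: the pattern must cover the whole subject, not a substring.
    return re.fullmatch(subject_pattern, subject_dn(peercert)) is not None

def server_context(cert_file, key_file, ca_file, validate_client):
    """Server side: configured certificate instead of an on-the-fly one."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert_file, key_file)
    if validate_client:
        # Only with a trust anchor and CERT_REQUIRED is the client
        # authenticated; without it the link is encrypted but anonymous.
        ctx.load_verify_locations(ca_file)
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx
```

Subject matching only adds protection when certificate validation is enabled on the same connection, since anyone can self-sign a certificate carrying an arbitrary subject.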