From oak-issues-return-82376-archive-asf-public=cust-asf.ponee.io@jackrabbit.apache.org Fri Jun 4 15:50:04 2021 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mxout1-ec2-va.apache.org (mxout1-ec2-va.apache.org [3.227.148.255]) by mx-eu-01.ponee.io (Postfix) with ESMTPS id 420AC180670 for ; Fri, 4 Jun 2021 17:50:04 +0200 (CEST) Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mxout1-ec2-va.apache.org (ASF Mail Server at mxout1-ec2-va.apache.org) with SMTP id 38B934222D for ; Fri, 4 Jun 2021 15:50:03 +0000 (UTC) Received: (qmail 72820 invoked by uid 500); 4 Jun 2021 15:50:02 -0000 Mailing-List: contact oak-issues-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-dev@jackrabbit.apache.org Delivered-To: mailing list oak-issues@jackrabbit.apache.org Received: (qmail 72613 invoked by uid 99); 4 Jun 2021 15:50:02 -0000 Received: from mailrelay1-he-de.apache.org (HELO mailrelay1-he-de.apache.org) (116.203.21.61) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Jun 2021 15:50:02 +0000 Received: from jira2-he-de.apache.org (jira2-he-de.apache.org [168.119.33.54]) by mailrelay1-he-de.apache.org (ASF Mail Server at mailrelay1-he-de.apache.org) with ESMTPS id 035803E8DF for ; Fri, 4 Jun 2021 15:50:01 +0000 (UTC) Received: from jira2-he-de.apache.org (localhost.localdomain [127.0.0.1]) by jira2-he-de.apache.org (ASF Mail Server at jira2-he-de.apache.org) with ESMTP id 90491C8099A for ; Fri, 4 Jun 2021 15:50:00 +0000 (UTC) Date: Fri, 4 Jun 2021 15:50:00 +0000 (UTC) From: "Andrei Dulceanu (Jira)" To: oak-issues@jackrabbit.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (OAK-9451) Cold Standby SSL certificates should be configurable MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/OAK-9451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrei Dulceanu updated OAK-9451: --------------------------------- Fix Version/s: 1.42.0 > Cold Standby SSL certificates should be configurable > ---------------------------------------------------- > > Key: OAK-9451 > URL: https://issues.apache.org/jira/browse/OAK-9451 > Project: Jackrabbit Oak > Issue Type: Improvement > Components: segment-tar > Reporter: Axel Hanikel > Assignee: Andrei Dulceanu > Priority: Major > Labels: cold-standby > Fix For: 1.42.0 > > Attachments: OAK-9451.patch.txt > > > The cold standby is able to do SSL connections to the primary, but currently only using on-the-fly generated certificates. This means that data is transferred over an encrypted connection but there is no protection against a man in the middle yet. > With this issue we want to: > * make server and client certificates configurable > * optionally validate the client certificate > * optionally only allow matching subjects in client and server certificates -- This message was sent by Atlassian Jira (v8.3.4#803005)