You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ignite.apache.org by "Ilya Kasnacheev (JIRA)" <ji...@apache.org> on 2019/01/14 10:21:00 UTC

[jira] [Commented] (IGNITE-10911) Need to enforce truststore key when control utility connect to cluster with SSL enabled

    [ https://issues.apache.org/jira/browse/IGNITE-10911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16741916#comment-16741916 ] 

Ilya Kasnacheev commented on IGNITE-10911:
------------------------------------------

"Default trust store" is a feature (and not an overlook/unspecified behavior) so its removal has to be justified.

Let's introduce --ssl-untrusted to be able to turn this mode on explicitly.

> Need to enforce truststore key when control utility connect to cluster with SSL enabled
> ---------------------------------------------------------------------------------------
>
>                 Key: IGNITE-10911
>                 URL: https://issues.apache.org/jira/browse/IGNITE-10911
>             Project: Ignite
>          Issue Type: Bug
>    Affects Versions: 2.5
>            Reporter: ARomantsov
>            Priority: Major
>             Fix For: 2.8
>
>
> I use the next setting in my app
> {code:java}
>         <property name="clientConnectorConfiguration">
>             <bean class="org.apache.ignite.configuration.ClientConnectorConfiguration">
>                 <property name="sslEnabled" value="true"/>
>                 <property name="sslClientAuth" value="true"/>
>                 <property name="sslContextFactory">
>                     <bean class="org.apache.ignite.ssl.SslContextFactory">
>                         <property name="keyStoreFilePath" value="${TEST_DIR}/server.jks"/>
>                         <property name="keyStorePassword" value="*"/>
>                         <property name="trustStoreFilePath" value="${TEST_DIR}/trust.jks"/>
>                         <property name="trustStorePassword" value="*"/>
>                     </bean>
>                 </property>
>             </bean>
>         </property>
>         <property name="sslContextFactory">
>             <bean class="org.apache.ignite.ssl.SslContextFactory">
>                 <property name="keyStoreFilePath" value="${TEST_DIR}/server.jks"/>
>                 <property name="keyStorePassword" value="*"/>
>                 <property name="trustStoreFilePath" value="${TEST_DIR}/trust.jks"/>
>                 <property name="trustStorePassword" value="*"/>
>             </bean>
>         </property>
>         <!-- Enable SSL for external connect  -->
>         <property name="connectorConfiguration">
>             <bean class="org.apache.ignite.configuration.ConnectorConfiguration">
>                 <property name="sslEnabled" value="true"/>
>                 <property name="sslClientAuth" value="true"/>
>             </bean>
>         </property>
> {code}
> And can get the result of command - control.bat --baseline --keystore..\server.jks --keystore-password * without set up truststore



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)