You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Andrei Dulceanu (Jira)" <ji...@apache.org> on 2021/06/04 08:36:02 UTC
[jira] [Commented] (OAK-9451) Cold Standby SSL certificates should
be configurable
[ https://issues.apache.org/jira/browse/OAK-9451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17357178#comment-17357178 ]
Andrei Dulceanu commented on OAK-9451:
--------------------------------------
[~ahanikel], could you please open a PR against [https://github.com/apache/jackrabbit-oak?] I'm also used to review directly patches, if you can attach one to this issue. Thanks!
> Cold Standby SSL certificates should be configurable
> ----------------------------------------------------
>
> Key: OAK-9451
> URL: https://issues.apache.org/jira/browse/OAK-9451
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: segment-tar
> Reporter: Axel Hanikel
> Assignee: Andrei Dulceanu
> Priority: Major
>
> The cold standby is able to do SSL connections to the primary, but currently only using on-the-fly generated certificates. This means that data is transferred over an encrypted connection but there is no protection against a man in the middle yet.
> With this issue we want to:
> * make server and client certificates configurable
> * optionally validate the client certificate
> * optionally only allow matching subjects in client and server certificates
--
This message was sent by Atlassian Jira
(v8.3.4#803005)