You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Andrei Dulceanu (Jira)" <ji...@apache.org> on 2021/07/13 15:39:00 UTC
[jira] [Commented] (OAK-9451) Cold Standby SSL certificates should
be configurable
[ https://issues.apache.org/jira/browse/OAK-9451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17379985#comment-17379985 ]
Andrei Dulceanu commented on OAK-9451:
--------------------------------------
Backported to 1.22 branch at e7dc8b2122ae0a0fd7fa29c87ac1156c6b9d6154.
> Cold Standby SSL certificates should be configurable
> ----------------------------------------------------
>
> Key: OAK-9451
> URL: https://issues.apache.org/jira/browse/OAK-9451
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: segment-tar
> Reporter: Axel Hanikel
> Assignee: Andrei Dulceanu
> Priority: Major
> Labels: cold-standby
> Fix For: 1.22.8, 1.42.0
>
> Attachments: OAK-9451.patch.txt
>
>
> The cold standby is able to do SSL connections to the primary, but currently only using on-the-fly generated certificates. This means that data is transferred over an encrypted connection but there is no protection against a man in the middle yet.
> With this issue we want to:
> * make server and client certificates configurable
> * optionally validate the client certificate
> * optionally only allow matching subjects in client and server certificates
--
This message was sent by Atlassian Jira
(v8.3.4#803005)