You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Kunal Shubham (Jira)" <ji...@apache.org> on 2021/10/14 06:08:00 UTC
[jira] [Commented] (OAK-9451) Cold Standby SSL certificates should
be configurable
[ https://issues.apache.org/jira/browse/OAK-9451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17428618#comment-17428618 ]
Kunal Shubham commented on OAK-9451:
------------------------------------
Backported to 1.8 - [https://github.com/apache/jackrabbit-oak/pull/384]
> Cold Standby SSL certificates should be configurable
> ----------------------------------------------------
>
> Key: OAK-9451
> URL: https://issues.apache.org/jira/browse/OAK-9451
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: segment-tar
> Reporter: Axel Hanikel
> Assignee: Andrei Dulceanu
> Priority: Major
> Labels: cold-standby
> Fix For: 1.22.8, 1.42.0
>
> Attachments: OAK-9451.patch.txt
>
>
> The cold standby is able to do SSL connections to the primary, but currently only using on-the-fly generated certificates. This means that data is transferred over an encrypted connection but there is no protection against a man in the middle yet.
> With this issue we want to:
> * make server and client certificates configurable
> * optionally validate the client certificate
> * optionally only allow matching subjects in client and server certificates
--
This message was sent by Atlassian Jira
(v8.3.4#803005)