You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Jeremiah Jordan (JIRA)" <ji...@apache.org> on 2014/04/17 16:27:15 UTC
[jira] [Commented] (CASSANDRA-6847) The binary transport doesn't
load truststore file
[ https://issues.apache.org/jira/browse/CASSANDRA-6847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13972980#comment-13972980 ]
Jeremiah Jordan commented on CASSANDRA-6847:
--------------------------------------------
Can we put a line in changes.txt for this? I spent 2 days pulling my hair out from this one, and yes I probably should have done a full JIRA search, but I would expect "require_client_auth" being completely broken to show up in changes.txt :/
> The binary transport doesn't load truststore file
> -------------------------------------------------
>
> Key: CASSANDRA-6847
> URL: https://issues.apache.org/jira/browse/CASSANDRA-6847
> Project: Cassandra
> Issue Type: Bug
> Reporter: Mikhail Stepura
> Assignee: Mikhail Stepura
> Priority: Minor
> Labels: ssl
> Fix For: 1.2.16, 2.0.7, 2.1 beta2
>
> Attachments: cassandra-2.0-6847.patch
>
>
> {code:title=org.apache.cassandra.transport.Server.SecurePipelineFactory}
> this.sslContext = SSLFactory.createSSLContext(encryptionOptions, false);
> {code}
> {{false}} there means that {{truststore}} file won't be loaded in any case.
> And that means that the file will not be used to validate clients when {{require_client_auth==true}}, making http://www.datastax.com/documentation/cassandra/2.0/cassandra/security/secureNewTrustedUsers_t.html meaningless.
> The only way to workaround that currently is to start C* with {{-Djavax.net.ssl.trustStore=conf/.truststore}}
> I believe we should load {{truststore}} when {{require_client_auth==true}},
--
This message was sent by Atlassian JIRA
(v6.2#6252)