You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@geode.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2017/09/28 14:27:00 UTC

[jira] [Commented] (GEODE-3640) Connect with --skip-ssl-validation should not require a Keystore or Truststore

    [ https://issues.apache.org/jira/browse/GEODE-3640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16184242#comment-16184242 ] 

ASF subversion and git services commented on GEODE-3640:
--------------------------------------------------------

Commit 9d1babdcf89f4fdce705877c860b2b3b1d6b6cff in geode's branch refs/heads/develop from [~jens.deppe]
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=9d1babd ]

GEODE-3640: Accept all certs when --skip-ssl-verification is used


> Connect with --skip-ssl-validation should not require a Keystore or Truststore
> ------------------------------------------------------------------------------
>
>                 Key: GEODE-3640
>                 URL: https://issues.apache.org/jira/browse/GEODE-3640
>             Project: Geode
>          Issue Type: Bug
>          Components: docs, gfsh, security
>    Affects Versions: 1.2.0
>            Reporter: Jared Stewart
>            Assignee: Jared Stewart
>             Fix For: 1.3.0
>
>
> We are still requiring a Keystore and Truststore to be specified if a user connects via gfsh with --skip-ssl-validation.  We ought to be able to fall back to the default JVM truststore in this case since we shouldn't be validating the server's certificate, and thus shouldn't need a custom Truststore.  And since the gfsh client should not get its identity verified by the server, it should not require a custom Keystore.  
> This is what happens currently if you omit those options: 
> {noformat}
> gfsh>connect --use-http --url=https://locator-address/gemfire/v1 --user=username --password=******** --skip-ssl-validation
> I/O error on GET request for "https://locator-address/gemfire/v1/index": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)