Posted to issues@geode.apache.org by "Ryan McMahon (JIRA)" <ji...@apache.org> on 2018/05/16 22:18:00 UTC
[jira] [Created] (GEODE-5227) Perform meaningful validation on keystore and truststore files when using SSL
Ryan McMahon created GEODE-5227:
-----------------------------------
Summary: Perform meaningful validation on keystore and truststore files when using SSL
Key: GEODE-5227
URL: https://issues.apache.org/jira/browse/GEODE-5227
Project: Geode
Issue Type: Test
Components: native client
Reporter: Ryan McMahon
*_As_* a customer
*_I want to_* get meaningful error feedback when I provide invalid paths or file contents for `ssl-keystore` or `ssl-truststore`
*_So that_* I can fix the problem without guess-work
If you provide an invalid path (e.g. non-existent) for the `ssl-keystore` or `ssl-truststore` config properties, the SSL handshake still proceeds and fails with an obscure error message:
"TcpSslConn::connect failed with errno: 336462231: Unknown error"
and in the locator logs we get:
"javax.net.ssl.SSLHandshakeException: null cert chain"
You get a similar error if the .pem file contents are malformed or out of order.
We should do proper validation on the .pem files provided in `ssl-keystore` and `ssl-truststore` and provide a meaningful error if they are not found or malformed.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
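A sketch of the kind of pre-handshake check the issue asks for, as an added example that is not code from the Geode native client: it reports an unreadable path or a structurally broken PEM file by property name and line number. The function names `checkPemText` and `checkPemFile` are hypothetical, and the check covers PEM framing only, not certificate contents or the order of key and certificate blocks.

```cpp
// Added example (not Geode code): structural pre-flight check for a PEM file.
#include <fstream>
#include <sstream>
#include <string>

// Returns "" if the text is structurally valid PEM, else a readable reason.
std::string checkPemText(const std::string& text) {
  static const std::string b64 =
      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
  std::istringstream in(text);
  std::string line, open;  // open: label of the block currently being read
  int blocks = 0, lineNo = 0;
  bool body = false;  // true once the open block has base64 content
  while (std::getline(in, line)) {
    ++lineNo;
    while (!line.empty() && (line.back() == '\r' || line.back() == ' ')) line.pop_back();
    if (line.empty()) continue;
    const std::string at = " (line " + std::to_string(lineNo) + ")";
    const bool dashed = line.size() >= 14 && line.compare(line.size() - 5, 5, "-----") == 0;
    if (dashed && line.rfind("-----BEGIN ", 0) == 0) {
      if (!open.empty()) return "BEGIN inside unterminated " + open + " block" + at;
      open = line.substr(11, line.size() - 16);
      body = false;
    } else if (dashed && line.rfind("-----END ", 0) == 0) {
      const std::string label = line.substr(9, line.size() - 14);
      if (open.empty()) return "END " + label + " without a matching BEGIN" + at;
      if (label != open) return "END " + label + " closes BEGIN " + open + at;
      if (!body) return "empty " + open + " block" + at;
      open.clear();
      ++blocks;
    } else if (open.empty() || (!body && line.find(':') != std::string::npos)) {
      continue;  // text outside blocks, or legacy "Proc-Type:" key headers
    } else if (line.find_first_not_of(b64) != std::string::npos) {
      return "non-base64 data in " + open + " block" + at;
    } else {
      body = true;
    }
  }
  if (!open.empty()) return "missing END for " + open + " block";
  return blocks > 0 ? "" : "no PEM blocks found";
}

// Checks that the configured path opens before inspecting its contents.
std::string checkPemFile(const std::string& property, const std::string& path) {
  std::ifstream f(path, std::ios::binary);
  if (!f) return property + ": cannot open '" + path + "'";
  std::stringstream buf;
  buf << f.rdbuf();
  const std::string why = checkPemText(buf.str());
  return why.empty() ? "" : property + ": '" + path + "' is not valid PEM: " + why;
}
```

Calling `checkPemFile("ssl-keystore", path)` before the connection attempt turns a missing file into a message that names the property and path.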