Posted to issues@geode.apache.org by "Addison (JIRA)" <ji...@apache.org> on 2018/10/25 17:27:00 UTC

[jira] [Updated] (GEODE-5227) Perform meaningful validation on keystore and truststore files when using SSL

     [ https://issues.apache.org/jira/browse/GEODE-5227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Addison updated GEODE-5227:
---------------------------
    Priority: Minor  (was: Major)

> Perform meaningful validation on keystore and truststore files when using SSL
> -----------------------------------------------------------------------------
>
>                 Key: GEODE-5227
>                 URL: https://issues.apache.org/jira/browse/GEODE-5227
>             Project: Geode
>          Issue Type: Improvement
>          Components: native client
>            Reporter: Ryan McMahon
>            Priority: Minor
>
> *_As_* a customer
> *_I want to_* get meaningful error feedback when I provide invalid paths or file contents for `ssl-keystore` or `ssl-truststore`
> *_So that_* I can fix the problem without guess-work
> If you provide an invalid path (e.g. non-existent) for the `ssl-keystore` or `ssl-truststore` config properties, the SSL handshake still proceeds and fails with an obscure error message:
> "TcpSslConn::connect failed with errno: 336462231: Unknown error"
> and in the locator logs we get:
> "javax.net.ssl.SSLHandshakeException: null cert chain"
> You get a similar error if the .pem file contents are malformed or out of order.
> We should do proper validation on the .pem files provided in `ssl-keystore` and `ssl-truststore` and provide a meaningful error if they are not found or malformed.



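One way to do the pre-handshake check the issue asks for, as an added example that is not part of the original message and not Geode code. The names `validatePemText` and `validatePemFile` are hypothetical, the check is structural only (it does not decode the certificate or key), and it assumes the keystore PEM must contain a private key.

```cpp
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>

// Hypothetical helper, not Geode API. Structural check only: returns "" or a diagnostic.
std::string validatePemText(const std::string& text, bool needPrivateKey) {
  const std::string begin = "-----BEGIN ", end = "-----END ", tail = "-----";
  const std::string b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
  std::istringstream in(text);
  std::string line, open;  // open: label of the block currently being read
  int certs = 0, keys = 0, lineNo = 0;
  while (std::getline(in, line)) {
    const std::string at = " at line " + std::to_string(++lineNo);
    while (!line.empty() && (line.back() == '\r' || line.back() == ' ')) line.pop_back();
    const bool hasTail = line.size() >= 5 && line.compare(line.size() - 5, 5, tail) == 0;
    if (hasTail && line.compare(0, begin.size(), begin) == 0) {
      if (!open.empty()) return "BEGIN inside unterminated " + open + " block" + at;
      open = line.substr(begin.size(), line.size() - begin.size() - tail.size());
    } else if (hasTail && line.compare(0, end.size(), end) == 0) {
      const std::string label = line.substr(end.size(), line.size() - end.size() - tail.size());
      if (open.empty() || label != open) return "unexpected END " + label + at;
      if (label == "CERTIFICATE") ++certs;
      if (label.find("PRIVATE KEY") != std::string::npos) ++keys;
      open.clear();
    } else if (!open.empty() && line.find(':') == std::string::npos &&
               line.find_first_not_of(b64) != std::string::npos) {  // ':' marks a PEM header
      return "non-base64 data in " + open + " block" + at;
    }
  }
  if (!open.empty()) return "missing END for " + open + " block";
  if (certs == 0) return "no CERTIFICATE block found";
  if (needPrivateKey && keys == 0) return "no PRIVATE KEY block found";
  return "";
}

std::string validatePemFile(const std::string& path, bool needPrivateKey) {
  std::ifstream f(path);
  if (!f) return path + ": cannot open file";
  std::ostringstream buf;
  buf << f.rdbuf();
  const std::string err = validatePemText(buf.str(), needPrivateKey);
  return err.empty() ? err : path + ": " + err;
}

int main(int argc, char** argv) {  // assumption: argv[1] is a keystore PEM, which needs a key
  const std::string e = argc > 1 ? validatePemFile(argv[1], true) : "usage: pemcheck <keystore.pem>";
  std::cerr << e << (e.empty() ? "" : "\n");
  return e.empty() ? 0 : 1;
}
```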