You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Andrei Dulceanu (Jira)" <ji...@apache.org> on 2021/07/13 15:39:00 UTC

[jira] [Updated] (OAK-9451) Cold Standby SSL certificates should be configurable

     [ https://issues.apache.org/jira/browse/OAK-9451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrei Dulceanu updated OAK-9451:
---------------------------------
    Fix Version/s: 1.22.8

> Cold Standby SSL certificates should be configurable
> ----------------------------------------------------
>
>                 Key: OAK-9451
>                 URL: https://issues.apache.org/jira/browse/OAK-9451
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: segment-tar
>            Reporter: Axel Hanikel
>            Assignee: Andrei Dulceanu
>            Priority: Major
>              Labels: cold-standby
>             Fix For: 1.22.8, 1.42.0
>
>         Attachments: OAK-9451.patch.txt
>
>
> The cold standby is able to do SSL connections to the primary, but currently only using on-the-fly generated certificates. This means that data is transferred over an encrypted connection but there is no protection against a man in the middle yet.
> With this issue we want to:
> * make server and client certificates configurable
> * optionally validate the client certificate
> * optionally only allow matching subjects in client and server certificates 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)