[ https://issues.apache.org/jira/browse/CASSANDRA-11532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacek Lewandowski updated CASSANDRA-11532:
------------------------------------------
    Status: Patch Available  (was: In Progress)

> CqlConfigHelper requires both truststore and keystore to work with SSL encryption
> ---------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-11532
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11532
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Jacek Lewandowski
>            Assignee: Jacek Lewandowski
>         Attachments: CASSANDRA_11532.patch
>
>
> {{CqlConfigHelper}} configures SSL in the following way:
> {code:java}
>     public static Optional<SSLOptions> getSSLOptions(Configuration conf)
>     {
>         Optional<String> truststorePath = getInputNativeSSLTruststorePath(conf);
>         Optional<String> keystorePath = getInputNativeSSLKeystorePath(conf);
>         Optional<String> truststorePassword = getInputNativeSSLTruststorePassword(conf);
>         Optional<String> keystorePassword = getInputNativeSSLKeystorePassword(conf);
>         Optional<String> cipherSuites = getInputNativeSSLCipherSuites(conf);
>
>         if (truststorePath.isPresent() && keystorePath.isPresent() &&
>             truststorePassword.isPresent() && keystorePassword.isPresent())
>         {
>             SSLContext context;
>             try
>             {
>                 context = getSSLContext(truststorePath.get(), truststorePassword.get(),
>                                         keystorePath.get(), keystorePassword.get());
>             }
>             catch (UnrecoverableKeyException | KeyManagementException |
>                     NoSuchAlgorithmException | KeyStoreException |
>                     CertificateException | IOException e)
>             {
>                 throw new RuntimeException(e);
>             }
>             String[] css = null;
>             if (cipherSuites.isPresent())
>                 css = cipherSuites.get().split(",");
>             return Optional.of(JdkSSLOptions.builder()
>                                             .withSSLContext(context)
>                                             .withCipherSuites(css)
>                                             .build());
>         }
>         return Optional.absent();
>     }
> {code}
> which forces you to connect only to trusted nodes and to use client authentication.
> This should be made more flexible so that at least client authentication is
> optional.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)