[
https://issues.apache.org/jira/browse/CASSANDRA-11532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15232404#comment-15232404
]
Jeremiah Jordan commented on CASSANDRA-11532:
---------------------------------------------
+1 Started CI
||2.2||3.0||trunk||
|[branch|https://github.com/JeremiahDJordan/cassandra/tree/CASSANDRA-11532-22]|[branch|https://github.com/JeremiahDJordan/cassandra/tree/CASSANDRA-11532-30]|[branch|https://github.com/JeremiahDJordan/cassandra/tree/CASSANDRA-11532-trunk]|
|[testall|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-22-testall/]|[testall|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-30-testall/]|[testall|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-trunk-testall/]|
|[dtest|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-22-dtest/]|[dtest|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-22-dtest/]|[dtest|http://cassci.datastax.com/view/Dev/view/zanson/job/JeremiahDJordan-CASSANDRA-11532-22-dtest/]|
> CqlConfigHelper requires both truststore and keystore to work with SSL
> encryption
> ---------------------------------------------------------------------------------
>
> Key: CASSANDRA-11532
> URL: https://issues.apache.org/jira/browse/CASSANDRA-11532
> Project: Cassandra
> Issue Type: Bug
> Reporter: Jacek Lewandowski
> Assignee: Jacek Lewandowski
> Attachments: CASSANDRA_11532.patch
>
>
> {{CqlConfigHelper}} configures SSL in the following way:
> {code:java}
> public static Optional<SSLOptions> getSSLOptions(Configuration conf)
> {
>     Optional<String> truststorePath = getInputNativeSSLTruststorePath(conf);
>     Optional<String> keystorePath = getInputNativeSSLKeystorePath(conf);
>     Optional<String> truststorePassword = getInputNativeSSLTruststorePassword(conf);
>     Optional<String> keystorePassword = getInputNativeSSLKeystorePassword(conf);
>     Optional<String> cipherSuites = getInputNativeSSLCipherSuites(conf);
>
>     if (truststorePath.isPresent() && keystorePath.isPresent() &&
>         truststorePassword.isPresent() && keystorePassword.isPresent())
>     {
>         SSLContext context;
>         try
>         {
>             context = getSSLContext(truststorePath.get(), truststorePassword.get(),
>                                     keystorePath.get(), keystorePassword.get());
>         }
>         catch (UnrecoverableKeyException | KeyManagementException |
>                NoSuchAlgorithmException | KeyStoreException |
>                CertificateException | IOException e)
>         {
>             throw new RuntimeException(e);
>         }
>         String[] css = null;
>         if (cipherSuites.isPresent())
>             css = cipherSuites.get().split(",");
>         return Optional.of(JdkSSLOptions.builder()
>                                         .withSSLContext(context)
>                                         .withCipherSuites(css)
>                                         .build());
>     }
>     return Optional.absent();
> }
> {code}
> which forces you to connect only to trusted nodes and client authentication.
> This should be made more flexible so that at least client authentication is
> optional.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
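
The issue asks for client authentication to be optional. As an added example (not the attached patch and not Cassandra code), here is one way to build an `SSLContext` with plain JSSE in which the truststore and the keystore are each optional. The class name `OptionalStoreSslContext`, the use of `null` to mean "not configured" and the `JKS` store type are assumptions made for the illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.*;

// Hypothetical helper, not Cassandra code: a null path means "store not configured".
public final class OptionalStoreSslContext
{
    private static KeyStore load(String path, String password) throws Exception
    {
        KeyStore ks = KeyStore.getInstance("JKS"); // store type is an assumption
        try (InputStream in = Files.newInputStream(Paths.get(path)))
        {
            ks.load(in, password == null ? null : password.toCharArray());
        }
        return ks;
    }

    public static SSLContext build(String truststorePath, String truststorePassword,
                                   String keystorePath, String keystorePassword) throws Exception
    {
        // No truststore configured: pass null so the provider falls back to the
        // JVM default trust store. Server certificates are still verified.
        TrustManager[] trustManagers = null;
        if (truststorePath != null)
        {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(load(truststorePath, truststorePassword));
            trustManagers = tmf.getTrustManagers();
        }

        // No keystore configured: this code loads no client key material,
        // so the client does not authenticate with a certificate.
        KeyManager[] keyManagers = null;
        if (keystorePath != null)
        {
            if (keystorePassword == null)
                throw new IllegalArgumentException("keystore path set without a password");
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(load(keystorePath, keystorePassword), keystorePassword.toCharArray());
            keyManagers = kmf.getKeyManagers();
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, trustManagers, new SecureRandom());
        return ctx;
    }
}
```

The point to check in any relaxation of the all-four-present condition is that a missing truststore falls back to default certificate validation rather than to a trust manager that accepts every certificate.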