[
https://issues.apache.org/jira/browse/CASSANDRA-13404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16192804#comment-16192804
]
Per Otterström edited comment on CASSANDRA-13404 at 10/5/17 12:36 PM:
----------------------------------------------------------------------
I've made an attempt based on the plug-in approach. Attached as v2 patch.
I have performed some basic tests on the client-server and server-server
connections with and without SSL, with successful results. More
scenarios must be covered, but I would like some feedback on this first.
In short:
- A new ISecureChannelInitializer interface is created.
- Existing setup of SSL connection in Server class is moved into
SecureClientChannelInitializer
- Existing setup of SSL connections in NettyFactory class is moved into
SecureServerChannelInitializer
- Existing configuration options are supported as is
- Custom implementations have the option to use custom parameters based on the
ParameterizedClass
A reflection of my own:
- In this patch set I'm using the same plug-in interface for client-server and
server-server initializers. Perhaps it would be more clean to have separate
interfaces for them even though they are very similar. For instance, dedicated
interfaces would allow us to pass in client specific encryption options and
server specific encryption options.
was (Author: eperott):
I've made an attempt based on the plug-in approach.
I have performed some basic tests on the client-server and server-server
connections with and without SSL, with successful results. More
scenarios must be covered, but I would like some feedback on this first.
In short:
- A new ISecureChannelInitializer interface is created.
- Existing setup of SSL connection in Server class is moved into
SecureClientChannelInitializer
- Existing setup of SSL connections in NettyFactory class is moved into
SecureServerChannelInitializer
- Existing configuration options are supported as is
- Custom implementations have the option to use custom parameters based on the
ParameterizedClass
A reflection of my own:
- In this patch set I'm using the same plug-in interface for client-server and
server-server initializers. Perhaps it would be more clean to have separate
interfaces for them even though they are very similar. For instance, dedicated
interfaces would allow us to pass in client specific encryption options and
server specific encryption options.
> Hostname verification for client-to-node encryption
> ---------------------------------------------------
>
> Key: CASSANDRA-13404
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13404
> Project: Cassandra
> Issue Type: New Feature
> Reporter: Jan Karlsson
> Assignee: Per Otterström
> Fix For: 4.x
>
> Attachments: 13404-trunk.txt, 13404-trunk-v2.patch
>
>
> Similarly to CASSANDRA-9220, Cassandra should support hostname verification
> for client-node connections.