[ https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16746663#comment-16746663 ]
Dinesh Joshi commented on CASSANDRA-14991:
------------------------------------------

dtests with vnodes have some failures but they're unrelated to this change. dtests without vnodes and utests are good.

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it
> -----------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-14991
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Feature/Encryption
>            Reporter: Dinesh Joshi
>            Assignee: Dinesh Joshi
>            Priority: Major
>              Labels: security
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid.
> However, a corrupt store or a password mismatch can cause Cassandra to fail
> to accept new connections as we throw away the old {{SslContext}}. This patch
> will ensure that we check the sanity of the certificates during startup and
> during hot reloading. This should protect against bad key/trust stores. As
> part of this PR, I have cleaned up the code a bit.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
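
The failure mode in the issue description, as an added example that is not Cassandra's code and not the patch from this ticket: the new store is fully loaded and turned into an `SSLContext` before the live one is replaced, so a corrupt file or a password mismatch leaves the old context serving connections. The class name `ValidatingReloader`, the PKCS12 format, the sample password and the empty demo store are assumptions made for the illustration.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
// Hypothetical class for illustration: swaps the live context only after the new store validates.
public class ValidatingReloader {
    private final AtomicReference<SSLContext> current = new AtomicReference<>();

    // Build a complete SSLContext from the store file; any failure surfaces here, before a swap.
    static SSLContext build(Path keystore, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(keystore)) {
            ks.load(in, password);      // IOException on a corrupt file or a wrong store password
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);         // UnrecoverableKeyException if a key entry cannot be opened
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Returns true if the new store was accepted; on failure the previous context stays in place.
    boolean reload(Path keystore, char[] password) {
        try {
            current.set(build(keystore, password));
            return true;
        } catch (Exception e) {
            System.err.println("Rejected new keystore, keeping old context: " + e);
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();            // constructed sample password
        Path store = Files.createTempFile("demo", ".p12");
        KeyStore empty = KeyStore.getInstance("PKCS12"); // constructed store with no entries
        empty.load(null, pw);
        try (OutputStream out = Files.newOutputStream(store)) { empty.store(out, pw); }
        ValidatingReloader r = new ValidatingReloader();
        System.out.println("initial load ok: " + r.reload(store, pw));
        SSLContext before = r.current.get();
        System.out.println("wrong password accepted: " + r.reload(store, "nope".toCharArray()));
        Files.write(store, new byte[] {1, 2, 3, 4});     // simulate a corrupt store on disk
        System.out.println("corrupt store accepted: " + r.reload(store, pw));
        System.out.println("old context retained: " + (r.current.get() == before));
    }
}
```

The demo store is empty only because the public JDK API cannot mint a certificate; the same `build` path applies to a store that holds a real key entry.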