[ https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16750243#comment-16750243 ]
Ariel Weisberg commented on CASSANDRA-14991:
--------------------------------------------

RE #3, but it's always hardcoded to true when the server actually goes to build the SSL certs?

https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/net/async/NettyFactory.java#L295
https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/net/async/NettyFactory.java#L372

Why should we test with different parameters than are used when we actually go to construct the SSL context? Is the SSL context being constructed with invalid parameters?

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it
> -----------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-14991
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Encryption
> Reporter: Dinesh Joshi
> Assignee: Dinesh Joshi
> Priority: Major
> Labels: security
> Fix For: 4.0
>
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid.
> However, a corrupt store or a password mismatch can cause Cassandra to fail
> accepting new connections as we throw away the old {{SslContext}}. This patch
> will ensure that we check the sanity of the certificates during startup and
> during hot reloading. This should protect against bad key/trust stores. As
> part of this PR, I have cleaned up the code a bit.
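
The validate-before-swap behaviour the issue description asks for, as an added example (not Cassandra's code and not the patch under review). It uses the JDK's `SSLContext` rather than Netty's `SslContext`; the class `ValidatingSslReloader`, its method names, and the assumption that the key password equals the keystore password are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical holder: a new context is built completely before it replaces the live one.
public final class ValidatingSslReloader {
    private final AtomicReference<SSLContext> live = new AtomicReference<>();

    // Builds a full SSLContext; throws if a store is corrupt, empty, or a password is wrong.
    static SSLContext build(Path keystore, char[] ksPass, Path truststore, char[] tsPass)
            throws IOException, GeneralSecurityException {
        KeyStore ks = load(keystore, ksPass);
        KeyStore ts = load(truststore, tsPass);
        if (!ks.aliases().hasMoreElements())
            throw new GeneralSecurityException("keystore has no entries: " + keystore);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, ksPass); // assumption: key password == store password; mismatch throws here
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    private static KeyStore load(Path path, char[] password) throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(path)) {
            store.load(in, password); // IOException on a corrupt file or wrong store password
        }
        return store;
    }

    // Returns true if the new context was installed; on any failure the old one stays in service.
    public boolean reload(Path keystore, char[] ksPass, Path truststore, char[] tsPass) {
        try {
            live.set(build(keystore, ksPass, truststore, tsPass)); // swap only after build succeeds
            return true;
        } catch (IOException | GeneralSecurityException e) {
            System.err.println("Rejected new key/trust store, keeping current SSLContext: " + e);
            return false;
        }
    }
    public SSLContext current() { return live.get(); }
}
```

Calling `build` with the same parameters at startup and at reload keeps the sanity check identical to the real construction path, which is the concern raised in the comment above.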