[ https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ariel Weisberg updated CASSANDRA-14991:
---------------------------------------
    Resolution: Fixed
        Status: Resolved  (was: Ready to Commit)

Committed as [367cdc95514d4550db57054c90fb794fc29179d1|https://github.com/apache/cassandra/commit/367cdc95514d4550db57054c90fb794fc29179d1]. Thanks!

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it
> -----------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-14991
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Feature/Encryption
>            Reporter: Dinesh Joshi
>            Assignee: Dinesh Joshi
>            Priority: Major
>              Labels: security
>             Fix For: 4.0
>
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid.
> However, a corrupt store or a password mismatch can cause Cassandra to fail
> accepting new connections as we throw away the old {{SslContext}}. This patch
> will ensure that we check the sanity of the certificates during startup and
> during hot reloading. This should protect against bad key/trust stores. As
> part of this PR, I have cleaned up the code a bit.
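
The validate-before-swap behaviour the issue describes, as an added sketch using only JDK classes; it is not Cassandra's code or the committed patch. The names `ValidatedReload`, `ACTIVE`, `build` and `reload` are hypothetical, and the sample store and password are constructed in `main`.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class ValidatedReload {
    // Context currently serving connections; replaced only after a full successful build.
    static final AtomicReference<SSLContext> ACTIVE = new AtomicReference<>();
    // Parse the store and build a complete context; throws on corruption or a wrong password.
    static SSLContext build(Path store, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(store)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }
    // Hot reload: validate first, swap second. A bad store leaves ACTIVE untouched.
    static boolean reload(Path store, char[] password) {
        try {
            ACTIVE.set(build(store, password));
            return true;
        } catch (Exception e) {
            System.err.println("reload rejected, keeping previous context: " + e);
            return false;
        }
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();              // constructed sample password
        Path store = Files.createTempFile("sample", ".p12"); // constructed sample store
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, pw);
        try (OutputStream out = Files.newOutputStream(store)) {
            empty.store(out, pw);
        }
        System.out.println("initial load ok:   " + reload(store, pw));
        SSLContext before = ACTIVE.get();
        System.out.println("wrong password ok: " + reload(store, "wrong".toCharArray()));
        Files.write(store, new byte[] {0x00, 0x01, 0x02});   // simulate a corrupt store
        System.out.println("corrupt store ok:  " + reload(store, pw));
        System.out.println("old context kept:  " + (ACTIVE.get() == before));
    }
}
```

Both rejected reloads leave the previously built context in place, so listeners that read `ACTIVE` keep accepting connections while the operator fixes the store.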