(cassandra-dtest) branch trunk updated: Regenerating Cassandra SSL test certificates with SANs and fixing TLS-related test failures

Thu, 18 Jun 2026 01:05:50 -0700 

This is an automated email from the ASF dual-hosted git repository.

netudima pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra-dtest.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 3284b175 Regenerating Cassandra SSL test certificates with SANs and 
fixing TLS-related test failures
3284b175 is described below

commit 3284b1754e5639f9bbef5c0bfd61e5485eea83db
Author: Dmitry Konstantinov <[email protected]>
AuthorDate: Tue Jun 9 16:16:43 2026 +0100

    Regenerating Cassandra SSL test certificates with SANs and fixing 
TLS-related test failures
    
    Patch by Dmitry Konstantinov; reviewed by Michael Semb Wever for 
CASSANDRA-21441
---
 tools/misc.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tools/misc.py b/tools/misc.py
index 2f43d9df..b18c16b2 100644
--- a/tools/misc.py
+++ b/tools/misc.py
@@ -1,4 +1,5 @@
 import os
+import socket
 import subprocess
 import time
 import hashlib
@@ -66,9 +67,15 @@ def generate_ssl_stores(base_dir, passphrase='cassandra'):
         return
 
     logger.debug("generating keystore.jks in [{0}]".format(base_dir))
+    local_ip = socket.gethostbyname(socket.gethostname())
+    ips = ['127.0.0.{}'.format(i) for i in range(1, 17)]
+    if local_ip not in ips:
+        ips.append(local_ip)
+    san = 'dns:localhost,' + ','.join('ip:' + ip for ip in ips)
     subprocess.check_call(['keytool', '-genkeypair', '-alias', 'ccm_node', 
'-keyalg', 'RSA', '-validity', '365',
                            '-keystore', os.path.join(base_dir, 
'keystore.jks'), '-storepass', passphrase,
-                           '-dname', 'cn=Cassandra 
Node,ou=CCMnode,o=DataStax,c=US', '-keypass', passphrase])
+                           '-dname', 'cn=Cassandra 
Node,ou=CCMnode,o=DataStax,c=US', '-keypass', passphrase,
+                           '-ext', 'SAN=' + san])
     logger.debug("exporting cert from keystore.jks in [{0}]".format(base_dir))
     subprocess.check_call(['keytool', '-export', '-rfc', '-alias', 'ccm_node',
                            '-keystore', os.path.join(base_dir, 'keystore.jks'),


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to