[
https://issues.apache.org/jira/browse/CASSANDRA-5120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aleksey Yeschenko reopened CASSANDRA-5120:
------------------------------------------
I've got a feeling that this doesn't actually work.
{noformat}
final ClientEncryptionOptions clientEnc = DatabaseDescriptor.getClientEncryptionOptions();
if (clientEnc.enabled)
{
    logger.info("enabling encrypted thrift connections between client and server");
    TSSLTransportParameters params = new TSSLTransportParameters(clientEnc.protocol, clientEnc.cipher_suites);
    params.setKeyStore(clientEnc.keystore, clientEnc.keystore_password);
    params.requireClientAuth(clientEnc.require_client_auth);
    TServerSocket sslServer = TSSLTransportFactory.getServerSocket(addr.getPort(), 0, addr.getAddress(), params);
    serverTransport = new TCustomServerSocket(sslServer.getServerSocket(), args.keepAlive,
                                              args.sendBufferSize, args.recvBufferSize);
}
else
{
    serverTransport = new TCustomServerSocket(addr, args.keepAlive, args.sendBufferSize, args.recvBufferSize);
}
{noformat}
At no point do we call setTrustStore(). Does requireClientAuth(true) even make
any sense without a truststore?
> Add support for SSL sockets to use client certificate authentication.
> ---------------------------------------------------------------------
>
> Key: CASSANDRA-5120
> URL: https://issues.apache.org/jira/browse/CASSANDRA-5120
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Affects Versions: 1.2.0
> Reporter: Steven Franklin
> Assignee: Steven Franklin
> Priority: Minor
> Fix For: 1.2.1
>
> Attachments: trunk-5120.txt
>
>
> Add an option to EncryptionOptions to require client certificate
> authentication.
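In JSSE, an SSLContext initialised without trust managers falls back to the JVM's default trust anchors, so the truststore question raised in the comment decides which CAs can vouch for a client certificate. The following is an added example, not code from the ticket or from Cassandra or Thrift: it lists the issuers a server would accept for a given truststore, or for the JVM default when none is given. The class name, method name and command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ClientAuthTrustAnchors
{
    // Returns the CA certificates a JSSE server would accept client certificates from.
    // truststorePath == null models "no truststore configured": JSSE then uses the JVM
    // default (javax.net.ssl.trustStore if set, otherwise jssecacerts/cacerts).
    static X509Certificate[] acceptedIssuers(String truststorePath, char[] password) throws Exception
    {
        KeyStore ks = null;
        if (truststorePath != null)
        {
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = new FileInputStream(truststorePath))
            {
                ks.load(in, password);
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // a null KeyStore selects the default trust anchors
        for (TrustManager tm : tmf.getTrustManagers())
        {
            if (tm instanceof X509TrustManager)
                return ((X509TrustManager) tm).getAcceptedIssuers();
        }
        return new X509Certificate[0];
    }

    public static void main(String[] args) throws Exception
    {
        // args[0] and args[1] are an optional truststore path and password (hypothetical inputs).
        String path = args.length > 0 ? args[0] : null;
        char[] pass = args.length > 1 ? args[1].toCharArray() : null;
        X509Certificate[] issuers = acceptedIssuers(path, pass);
        System.out.println((path == null ? "JVM default truststore" : path)
                           + ": " + issuers.length + " trusted issuers");
        for (X509Certificate c : issuers)
            System.out.println("  " + c.getSubjectX500Principal().getName());
    }
}
```

Run with no arguments to see the default set, then with a dedicated truststore path to compare how much narrower the accepted issuer list becomes.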