[ https://issues.apache.org/jira/browse/KNOX-733?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15426013#comment-15426013 ]

chris snow commented on KNOX-733:
---------------------------------

In terms of requirements:

1) I would like the CLI to be secure by default and not allow connections to 
SSL endpoints when the server has a self-signed certificate, or a certificate 
signed by an untrusted certificate authority. This ticket should probably be 
tagged as a security defect rather than a bug because the current 
implementation is insecure.

2) After (1) has been implemented, I would like to be able to add a server 
certificate to the SSL context even when I don't have access to the JVM JKS 
truststore.

>  Knox shell client is susceptible to man-in-the-middle attack
> -------------------------------------------------------------
>
>                 Key: KNOX-733
>                 URL: https://issues.apache.org/jira/browse/KNOX-733
>             Project: Apache Knox
>          Issue Type: Bug
>            Reporter: chris snow
>            Assignee: chris snow
>
> The Knox shell client does not verify the certificate of the server.  
> One option would be to provide another method where developers can provide 
> their own client, e.g.
> public static Hadoop login( String url, String username, String password, 
> HttpClient client ) throws URISyntaxException { }
> https://github.com/apache/knox/blob/master/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Hadoop.java#L60
> I can provide a patch if you are happy with this approach.
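An added example, not part of the issue or of the Knox project's code, of what requirement (2) in the comment above could look like from the caller's side: a trust store built in memory from a single PEM-encoded gateway certificate, with hostname verification kept, handed to the HttpClient-accepting login overload proposed in the issue. The PEM file path and the `Hadoop.login(url, username, password, client)` overload are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClients;

public class PinnedGatewayClient {

    // Build an HttpClient that trusts only the certificate in the given PEM file.
    // No access to the JVM truststore is needed; the trust material lives in memory.
    public static HttpClient forGatewayCert(String pemPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate gatewayCert;
        try (InputStream in = new FileInputStream(pemPath)) {
            gatewayCert = cf.generateCertificate(in);
        }

        // In-memory truststore containing exactly one trusted entry.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("knox-gateway", gatewayCert);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // Keep the default hostname verifier: a valid certificate for the wrong
        // host must still be rejected, or the MITM protection is incomplete.
        SSLConnectionSocketFactory sslFactory = new SSLConnectionSocketFactory(
                ctx, SSLConnectionSocketFactory.getDefaultHostnameVerifier());

        return HttpClients.custom().setSSLSocketFactory(sslFactory).build();
    }

    public static void main(String[] args) throws Exception {
        // Assumed: gateway.pem was exported by the gateway operator, and the
        // login(url, user, password, client) overload is the one proposed in
        // KNOX-733, not an existing Knox API.
        HttpClient client = forGatewayCert("gateway.pem");
        // Hadoop session = Hadoop.login("https://gateway.example:8443/gateway/default",
        //         "guest", "guest-password", client);
    }
}
```

Because the trust store holds only the gateway's certificate, a connection presenting any other certificate, self-signed or CA-issued, fails the handshake instead of being silently accepted.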

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)