[ 
https://issues.apache.org/jira/browse/FLINK-32015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dhruv Patel updated FLINK-32015:
--------------------------------
    Description: 
We recently observed that Flink is able to perform SSL communication without 
any issues even if certs in the trust store are expired.

As per this issue in the Netty library, the default TrustManagerFactory 
does not come with that check in place, and we need to implement our own 
TrustManagerFactory for the desired behavior:
[https://github.com/netty/netty/issues/8461]

It would be good to perform the cert validity check to prevent the risk of 
using expired certs.

  was:
We recently observed that Flink is able to perform SSL communication without 
any issues even if certs in the trust store are expired.

As per this issue in the Netty library, the default TrustManagerFactory 
does not come with that check in place, and we need to implement our own 
TrustManagerFactory for the desired behavior:
https://github.com/netty/netty/issues/8461


> Flink does not fail SSL Handshake when expired cert is used
> -----------------------------------------------------------
>
>                 Key: FLINK-32015
>                 URL: https://issues.apache.org/jira/browse/FLINK-32015
>             Project: Flink
>          Issue Type: Bug
>          Components: Runtime / Network
>            Reporter: Dhruv Patel
>            Priority: Major
>
> We recently observed that Flink is able to perform SSL communication without 
> any issues even if certs in the trust store are expired.
> As per this issue in the Netty library, the default TrustManagerFactory 
> does not come with that check in place, and we need to implement our own 
> TrustManagerFactory for the desired behavior:
> [https://github.com/netty/netty/issues/8461]
> It would be good to perform the cert validity check to prevent the risk of 
> using expired certs.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
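
A startup-time validity check of the kind the description asks for, as an added example (not Flink or Netty code): it loads a trust store and reports every trusted certificate that is outside its validity period, so a deployment can refuse to start before any handshake takes place. The class name, the default path (the JDK's bundled cacerts with its stock password) and the exit-code convention are assumptions, and the check complements rather than replaces the handshake-time TrustManagerFactory mentioned in the Netty issue.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;

public class TrustStoreValidityCheck {

    /** Returns one finding per trusted X.509 entry that is not valid at the instant 'at'. */
    static List<String> findInvalidEntries(KeyStore trustStore, Date at) throws Exception {
        List<String> findings = new ArrayList<>();
        for (String alias : Collections.list(trustStore.aliases())) {
            // Only trustedCertEntry items act as trust anchors; key entries are skipped.
            if (!trustStore.isCertificateEntry(alias)) continue;
            Certificate cert = trustStore.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) cert;
            try {
                x509.checkValidity(at);
            } catch (CertificateExpiredException e) {
                findings.add(alias + ": expired on " + x509.getNotAfter());
            } catch (CertificateNotYetValidException e) {
                findings.add(alias + ": not valid before " + x509.getNotBefore());
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: the JDK's bundled cacerts (Java 9+ layout) and its stock password.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();
        // KeyStore.getInstance(File, char[]) (Java 9+) detects JKS vs PKCS12 itself.
        KeyStore trustStore = KeyStore.getInstance(new File(path), password);

        List<String> findings = findInvalidEntries(trustStore, new Date());
        findings.forEach(f -> System.err.println("INVALID trust anchor " + f));
        // Non-zero exit lets a deployment script refuse to start with a stale trust store.
        if (!findings.isEmpty()) System.exit(1);
        System.out.println("All trusted certificates in " + path + " are within their validity period.");
    }
}
```

Run it as `java TrustStoreValidityCheck.java <truststore> <password>` against the trust store a job is configured with; passing a future `Date` to `findInvalidEntries` instead of the current time turns it into an early-warning check for certificates about to expire.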