[
https://issues.apache.org/jira/browse/GEODE-3640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Swapnil Bawaskar resolved GEODE-3640.
-------------------------------------
Resolution: Fixed
> Connect with --skip-ssl-validation should not require a Keystore or Truststore
> ------------------------------------------------------------------------------
>
> Key: GEODE-3640
> URL: https://issues.apache.org/jira/browse/GEODE-3640
> Project: Geode
> Issue Type: Bug
> Components: docs, gfsh, security
> Affects Versions: 1.2.0
> Reporter: Jared Stewart
> Assignee: Jared Stewart
> Fix For: 1.3.0
>
>
> We are still requiring a Keystore and Truststore to be specified if a user
> connects via gfsh with --skip-ssl-validation. We ought to be able to fall
> back to the default JVM truststore in this case since we shouldn't be
> validating the server's certificate, and thus shouldn't need a custom
> Truststore. And since the gfsh client should not get its identity verified
> by the server, it should not require a custom Keystore.
> This is what happens currently if you omit those options:
> {noformat}
> gfsh>connect --use-http --url=https://locator-address/gemfire/v1
> --user=username --password=******** --skip-ssl-validation
> I/O error on GET request for "https://locator-address/gemfire/v1/index":
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target; nested exception is
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
