Ryan McMahon created GEODE-5227:
-----------------------------------

             Summary: Perform meaningful validation on keystore and truststore 
files when using SSL
                 Key: GEODE-5227
                 URL: https://issues.apache.org/jira/browse/GEODE-5227
             Project: Geode
          Issue Type: Test
          Components: native client
            Reporter: Ryan McMahon


*_As_* a customer

*_I want to_* get meaningful error feedback when I provide invalid paths or 
file contents for `ssl-keystore` or `ssl-truststore`

*_So that_* I can fix the problem without guess-work

If you provide an invalid path (e.g. non-existent) for the `ssl-keystore` or 
`ssl-truststore` config properties, the SSL handshake still proceeds and fails 
with an obscure error message:

"TcpSslConn::connect failed with errno: 336462231: Unknown error"

and in the locator logs we get:

"javax.net.ssl.SSLHandshakeException: null cert chain"

You get a similar error if the .pem file contents are malformed or out of order.

We should do proper validation on the .pem files provided in `ssl-keystore` and 
`ssl-truststore` and provide a meaningful error if they are not found or 
malformed.



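A pre-handshake check of the kind the issue asks for, as an added example that is not code from the Geode native client. The function names `checkPemText` and `checkPemFile` are hypothetical, and the example assumes that the `ssl-keystore` PEM must hold a certificate plus a private key while the `ssl-truststore` PEM needs at least one certificate. It checks file access and PEM structure only and does not parse the X.509 contents.

```cpp
#include <cctype>
#include <fstream>
#include <sstream>
#include <string>
// Structural PEM check only (no X.509/DER parsing). Returns "" when sound,
// otherwise a description of the first problem found.
std::string checkPemText(const std::string& text, bool needPrivateKey) {
  std::istringstream in(text);
  std::string line, open;  // open: label of the block currently being read
  int certs = 0, keys = 0, lineNo = 0;
  std::size_t body = 0;    // base64 characters seen in the current block
  while (std::getline(in, line)) {
    ++lineNo;
    if (!line.empty() && line.back() == '\r') line.pop_back();  // tolerate CRLF files
    const std::string at = " at line " + std::to_string(lineNo);
    if (line.rfind("-----BEGIN ", 0) == 0) {
      if (!open.empty()) return "BEGIN inside unterminated " + open + " block" + at;
      if (line.size() < 17 || line.compare(line.size() - 5, 5, "-----") != 0)
        return "malformed BEGIN line" + at;
      open = line.substr(11, line.size() - 16);
      body = 0;
    } else if (line.rfind("-----END ", 0) == 0) {
      if (open.empty()) return "END without matching BEGIN" + at;
      if (line != "-----END " + open + "-----") return "END does not match BEGIN " + open + at;
      if (body == 0) return "empty " + open + " block" + at;
      if (open == "CERTIFICATE") ++certs;
      if (open.find("PRIVATE KEY") != std::string::npos) ++keys;
      open.clear();
    } else if (!open.empty() && line.find(':') == std::string::npos) {
      // Lines with ':' are encapsulated headers (e.g. DEK-Info); the rest must be base64.
      for (unsigned char c : line)
        if (!std::isalnum(c) && c != '+' && c != '/' && c != '=')
          return "non-base64 character in " + open + " block" + at;
      body += line.size();
    }
  }
  if (!open.empty()) return "missing END for " + open + " block";
  if (certs == 0) return "no CERTIFICATE block found";
  if (needPrivateKey && keys == 0) return "no PRIVATE KEY block found";
  return "";
}
// Names the offending property and path so the failure is actionable.
std::string checkPemFile(const std::string& property, const std::string& path, bool needPrivateKey) {
  std::ifstream f(path, std::ios::binary);
  if (!f) return property + ": cannot open '" + path + "'";
  std::stringstream buf; buf << f.rdbuf();
  const std::string err = checkPemText(buf.str(), needPrivateKey);
  return err.empty() ? std::string() : property + ": '" + path + "' is not valid PEM: " + err;
}
```

Calling `checkPemFile("ssl-keystore", path, true)` and `checkPemFile("ssl-truststore", path, false)` before the connection attempt turns a missing or broken file into a message that names the property and the path.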