[jira] [Commented] (IGNITE-27216) Add capturing of cluster node certificates during join process

Sat, 06 Dec 2025 00:14:25 -0800 


    [ 
https://issues.apache.org/jira/browse/IGNITE-27216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18043219#comment-18043219
 ] 

Ignite TC Bot commented on IGNITE-27216:
----------------------------------------

{panel:title=Branch: [pull/12546/head] Base: [master] : No blockers 
found!|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1}{panel}
{panel:title=Branch: [pull/12546/head] Base: [master] : New Tests 
(1)|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1}
{color:#00008b}Security{color} [[tests 
1|https://ci2.ignite.apache.org/viewLog.html?buildId=8736141]]
* {color:#013220}SecurityTestSuite: 
NodeConnectionCertificateCapturingTest.testNodeConnectionCertificateCapturing - 
PASSED{color}

{panel}
[TeamCity *--> Run :: All* 
Results|https://ci2.ignite.apache.org/viewLog.html?buildId=8736807&buildTypeId=IgniteTests24Java8_RunAll]

> Add capturing of cluster node certificates during join process
> --------------------------------------------------------------
>
>                 Key: IGNITE-27216
>                 URL: https://issues.apache.org/jira/browse/IGNITE-27216
>             Project: Ignite
>          Issue Type: Task
>            Reporter: Mikhail Petrov
>            Assignee: Mikhail Petrov
>            Priority: Major
>              Labels: ise
>          Time Spent: 2h
>  Remaining Estimate: 0h
>
> Motivation:
> Security implementations may validate the certificate that was used to 
> establish the connection being authenticated. The ability to capture a 
> session certificate and pass it to the security module during authentication 
> is already implemented for the thin client. See 
> https://issues.apache.org/jira/browse/IGNITE-12752
> There is no such mechanism for cluster nodes. 
> While a security implementation can use cluster node attributes to implicitly 
> attach the node's public certificate, this solution is inappropriate if the 
> node connects to the cluster through a proxy server that encrypts traffic and 
> manages certificates on its end. In this case, the node has no knowledge of 
> the certificates at all.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to