Repository: cassandra Updated Branches: refs/heads/trunk 0bc2164df -> bb9aa0988
Use JRE default key store algorithm instead of SunX509 patch by Stefan Podkowinski; reviewed by Jason Brown for CASSANRA-13259 Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/bb9aa098 Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/bb9aa098 Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/bb9aa098 Branch: refs/heads/trunk Commit: bb9aa098813b7f047f450086e18a78b149bb5349 Parents: 0bc2164 Author: Stefan Podkowinski <stefan.podkowin...@1und1.de> Authored: Thu Feb 23 13:17:39 2017 +0100 Committer: Stefan Podkowinski <stefan.podkowin...@1und1.de> Committed: Wed Feb 14 11:29:59 2018 +0100
----------------------------------------------------------------------
 CHANGES.txt | 1 + conf/cassandra.yaml | 2 -- src/java/org/apache/cassandra/config/EncryptionOptions.java | 2 +- src/java/org/apache/cassandra/security/SSLFactory.java | 6 ++++-- src/java/org/apache/cassandra/tools/LoaderOptions.java | 2 +- .../src/org/apache/cassandra/stress/settings/Legacy.java | 2 +- .../apache/cassandra/stress/settings/SettingsTransport.java | 2 +- 7 files changed, 9 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bb9aa098/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 54b587d..d69c631 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
 4.0
+ * Use JVM default SSL validation algorithm instead of custom default (CASSANDRA-13259)
 * Better document in code InetAddressAndPort usage post 7544, incorporate port into UUIDGen node (CASSANDRA-14226)
 * Fix sstablemetadata date string for minLocalDeletionTime (CASSANDRA-14132)
 * Make it possible to change neverPurgeTombstones during runtime (CASSANDRA-14214)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bb9aa098/conf/cassandra.yaml
----------------------------------------------------------------------
diff --git a/conf/cassandra.yaml b/conf/cassandra.yaml
index 9acc6d6..0a954b4 100644
--- a/conf/cassandra.yaml
+++ b/conf/cassandra.yaml
@@ -961,7 +961,6 @@ server_encryption_options:
 truststore_password: cassandra
 # More advanced defaults below:
 # protocol: TLS
- # algorithm: SunX509
 # store_type: JKS
 # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
 # require_client_auth: false
@@ -980,7 +979,6 @@ client_encryption_options:
 # truststore_password: cassandra
 # More advanced defaults below:
 # protocol: TLS
- # algorithm: SunX509
 # store_type: JKS
 # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bb9aa098/src/java/org/apache/cassandra/config/EncryptionOptions.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/config/EncryptionOptions.java b/src/java/org/apache/cassandra/config/EncryptionOptions.java
index aecbfca..5260dff 100644
--- a/src/java/org/apache/cassandra/config/EncryptionOptions.java
+++ b/src/java/org/apache/cassandra/config/EncryptionOptions.java
@@ -25,7 +25,7 @@ public class EncryptionOptions
 public String truststore_password = "cassandra";
 public String[] cipher_suites = {};
 public String protocol = "TLS";
- public String algorithm = "SunX509";
+ public String algorithm = null;
 public String store_type = "JKS";
 public boolean require_client_auth = false;
 public boolean require_endpoint_verification = false;
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bb9aa098/src/java/org/apache/cassandra/security/SSLFactory.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/security/SSLFactory.java b/src/java/org/apache/cassandra/security/SSLFactory.java
index 0bf769c..395ea42 100644
--- a/src/java/org/apache/cassandra/security/SSLFactory.java
+++ b/src/java/org/apache/cassandra/security/SSLFactory.java
@@ -171,7 +171,8 @@ public final class SSLFactory
 {
 try (InputStream tsf = Files.newInputStream(Paths.get(options.truststore)))
 {
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(options.algorithm);
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(
+ options.algorithm == null ? TrustManagerFactory.getDefaultAlgorithm() : options.algorithm);
 KeyStore ts = KeyStore.getInstance(options.store_type);
 ts.load(tsf, options.truststore_password.toCharArray());
 tmf.init(ts);
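Review bot: In EncryptionOptions.java the new `null` default for `algorithm` is undocumented, and a public field that used to always hold a provider algorithm name can now reach callers as null. Only the two SSLFactory call sites shown in this commit apply the fallback; any other reader of `options.algorithm` (none is visible here) would hand null straight to `getInstance`, so it is worth checking for one. I would add a comment on the field such as `// null selects the JRE default via KeyManagerFactory/TrustManagerFactory.getDefaultAlgorithm()`. The class body continues outside the hunk.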
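Review bot: In SSLFactory.java the trust manager algorithm is now resolved inline inside the `getInstance` call, so the value that actually governs certificate validation never gets a name and cannot be logged or inspected; the key manager hunk at -187 repeats the same pattern. `TrustManagerFactory.getDefaultAlgorithm()` and `KeyManagerFactory.getDefaultAlgorithm()` read separate JVM security properties (`ssl.TrustManagerFactory.algorithm`, `ssl.KeyManagerFactory.algorithm`) and need not return the same name, while an explicitly configured `algorithm` is still passed to both factories. I would resolve it into a local first, e.g. `String tmfAlgorithm = options.algorithm == null ? TrustManagerFactory.getDefaultAlgorithm() : options.algorithm;`, and report that value when the context is built so an operator can confirm which validator is in effect. Both enclosing methods begin and end outside the hunks.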
@@ -187,7 +188,8 @@ public final class SSLFactory
 {
 try (InputStream ksf = Files.newInputStream(Paths.get(options.keystore)))
 {
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(options.algorithm);
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(
+ options.algorithm == null ? KeyManagerFactory.getDefaultAlgorithm() : options.algorithm);
 KeyStore ks = KeyStore.getInstance(options.store_type);
 ks.load(ksf, options.keystore_password.toCharArray());
 if (!checkedExpiry)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bb9aa098/src/java/org/apache/cassandra/tools/LoaderOptions.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/tools/LoaderOptions.java b/src/java/org/apache/cassandra/tools/LoaderOptions.java
index 4646ba4..3686584 100644
--- a/src/java/org/apache/cassandra/tools/LoaderOptions.java
+++ b/src/java/org/apache/cassandra/tools/LoaderOptions.java
@@ -610,7 +610,7 @@ public class LoaderOptions
 options.addOption("ks", SSL_KEYSTORE, "KEYSTORE", "Client SSL: full path to keystore");
 options.addOption("kspw", SSL_KEYSTORE_PW, "KEYSTORE-PASSWORD", "Client SSL: password of the keystore");
 options.addOption("prtcl", SSL_PROTOCOL, "PROTOCOL", "Client SSL: connections protocol to use (default: TLS)");
- options.addOption("alg", SSL_ALGORITHM, "ALGORITHM", "Client SSL: algorithm (default: SunX509)");
+ options.addOption("alg", SSL_ALGORITHM, "ALGORITHM", "Client SSL: algorithm");
 options.addOption("st", SSL_STORE_TYPE, "STORE-TYPE", "Client SSL: type of store");
 options.addOption("ciphers", SSL_CIPHER_SUITES, "CIPHER-SUITES", "Client SSL: comma-separated list of encryption suites to use");
 options.addOption("f", CONFIG_PATH, "path to config file", "cassandra.yaml file path for streaming throughput and client/server SSL.");
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bb9aa098/tools/stress/src/org/apache/cassandra/stress/settings/Legacy.java
----------------------------------------------------------------------
diff --git a/tools/stress/src/org/apache/cassandra/stress/settings/Legacy.java b/tools/stress/src/org/apache/cassandra/stress/settings/Legacy.java
index f9cbe8e..ba94e3f 100644
--- a/tools/stress/src/org/apache/cassandra/stress/settings/Legacy.java
+++ b/tools/stress/src/org/apache/cassandra/stress/settings/Legacy.java
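Review bot: The `alg` help text in LoaderOptions.java now names no default at all, while the neighbouring `prtcl` line still says `(default: TLS)`, so a user cannot tell what is used when the option is omitted. Assuming an omitted option leaves `EncryptionOptions.algorithm` at its null default, the effective value is whatever the JRE reports, and the text should say so: `"Client SSL: algorithm (default: JRE default)"`. The same applies to the `alg` line changed in stress/settings/Legacy.java. The enclosing method starts and ends outside the hunk.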
@@ -74,7 +74,7 @@ public class Legacy implements Serializable
 availableOptions.addOption("ts", SSL_TRUSTSTORE, true, "SSL: full path to truststore");
 availableOptions.addOption("tspw", SSL_TRUSTSTORE_PW, true, "SSL: full path to truststore");
 availableOptions.addOption("prtcl", SSL_PROTOCOL, true, "SSL: connections protocol to use (default: TLS)");
- availableOptions.addOption("alg", SSL_ALGORITHM, true, "SSL: algorithm (default: SunX509)");
+ availableOptions.addOption("alg", SSL_ALGORITHM, true, "SSL: algorithm");
 availableOptions.addOption("st", SSL_STORE_TYPE, true, "SSL: type of store");
 availableOptions.addOption("ciphers", SSL_CIPHER_SUITES, true, "SSL: comma-separated list of encryption suites to use");
 availableOptions.addOption("th", "throttle", true, "Throttle the total number of operations per second to a maximum amount.");
http://git-wip-us.apache.org/repos/asf/cassandra/blob/bb9aa098/tools/stress/src/org/apache/cassandra/stress/settings/SettingsTransport.java
----------------------------------------------------------------------
diff --git a/tools/stress/src/org/apache/cassandra/stress/settings/SettingsTransport.java b/tools/stress/src/org/apache/cassandra/stress/settings/SettingsTransport.java
index 6acc500..9b8eaa0 100644
--- a/tools/stress/src/org/apache/cassandra/stress/settings/SettingsTransport.java
+++ b/tools/stress/src/org/apache/cassandra/stress/settings/SettingsTransport.java
@@ -73,7 +73,7 @@ public class SettingsTransport implements Serializable
 final OptionSimple keyStore = new OptionSimple("keystore=", ".*", null, "SSL: full path to keystore", false);
 final OptionSimple keyStorePw = new OptionSimple("keystore-password=", ".*", null, "SSL: keystore password", false);
 final OptionSimple protocol = new OptionSimple("ssl-protocol=", ".*", "TLS", "SSL: connection protocol to use", false);
- final OptionSimple alg = new OptionSimple("ssl-alg=", ".*", "SunX509", "SSL: algorithm", false);
+ final OptionSimple alg = new OptionSimple("ssl-alg=", ".*", null, "SSL: algorithm", false);
 final OptionSimple ciphers = new OptionSimple("ssl-ciphers=", ".*", "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA", "SSL: comma delimited list of encryption suites to use", false);
 @Override
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org