Ron Blechman created CASSANDRA-14223:
----------------------------------------
Summary: Provide ability to do custom certificate validations
(e.g. hostname validation, certificate revocation checks)
Key: CASSANDRA-14223
URL: https://issues.apache.org/jira/browse/CASSANDRA-14223
Project: Cassandra
Issue Type: Improvement
Components: Configuration
Reporter: Ron Blechman
Fix For: 3.11.x
Cassandra server should be to be able do additional certificate validations,
such as hostname validatation and certificate revocation checking against CRLs
and/or using OCSP.
One approach couild be to have SSLFactory use SSLContext.getDefault() instead
of forcing the creation of a new SSLContext using SSLContext.getInstance().
Using the default SSLContext would allow a user to plug in their own custom
SSLSocketFactory via the java.security properties file. The custom
SSLSocketFactory could create a default SSLContext that was customized to do
any extra validation such as certificate revocation, host name validation, etc.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
