[jira] [Updated] (CASSANDRA-11532) CqlConfigHelper requires both truststore and keystore to work with SSL encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-11532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aleksey Yeschenko updated CASSANDRA-11532:

       Resolution: Fixed
    Fix Version/s: 3.0.6
                   3.6
                   2.2.6
           Status: Resolved  (was: Ready to Commit)

> CqlConfigHelper requires both truststore and keystore to work with SSL encryption
>
>                 Key: CASSANDRA-11532
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11532
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Jacek Lewandowski
>            Assignee: Jacek Lewandowski
>             Fix For: 2.2.6, 3.6, 3.0.6
>
>         Attachments: CASSANDRA_11532.patch
>
>
> {{CqlConfigHelper}} configures SSL in the following way:
> {code:java}
>     public static Optional<SSLOptions> getSSLOptions(Configuration conf)
>     {
>         Optional<String> truststorePath = getInputNativeSSLTruststorePath(conf);
>         Optional<String> keystorePath = getInputNativeSSLKeystorePath(conf);
>         Optional<String> truststorePassword = getInputNativeSSLTruststorePassword(conf);
>         Optional<String> keystorePassword = getInputNativeSSLKeystorePassword(conf);
>         Optional<String> cipherSuites = getInputNativeSSLCipherSuites(conf);
>
>         if (truststorePath.isPresent() && keystorePath.isPresent() &&
>             truststorePassword.isPresent() && keystorePassword.isPresent())
>         {
>             SSLContext context;
>             try
>             {
>                 context = getSSLContext(truststorePath.get(), truststorePassword.get(),
>                                         keystorePath.get(), keystorePassword.get());
>             }
>             catch (UnrecoverableKeyException | KeyManagementException |
>                    NoSuchAlgorithmException | KeyStoreException |
>                    CertificateException | IOException e)
>             {
>                 throw new RuntimeException(e);
>             }
>             String[] css = null;
>             if (cipherSuites.isPresent())
>                 css = cipherSuites.get().split(",");
>             return Optional.of(JdkSSLOptions.builder()
>                                             .withSSLContext(context)
>                                             .withCipherSuites(css)
>                                             .build());
>         }
>         return Optional.absent();
>     }
> {code}
> which forces you to connect only to trusted nodes and client authentication.
> This should be made more flexible so that at least client authentication is
> optional.

-- This message was sent by Atlassian JIRA (v6.3.4#6332)
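
An added example, not the attached CASSANDRA_11532.patch and not Cassandra's own code: one way to build an `SSLContext` in which the truststore and the keystore are each optional, as the issue requests. The class and method names are hypothetical, and it uses `java.util.Optional` rather than the Guava `Optional` in the quoted snippet.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Optional;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper for illustration; not CqlConfigHelper and not the attached patch.
public final class OptionalStoresSslContext
{
    public static SSLContext build(Optional<String> truststorePath, Optional<String> truststorePassword,
                                   Optional<String> keystorePath, Optional<String> keystorePassword)
            throws GeneralSecurityException, IOException
    {
        // A path without its password is a misconfiguration: fail loudly instead of silently skipping TLS.
        if (truststorePath.isPresent() != truststorePassword.isPresent()
            || keystorePath.isPresent() != keystorePassword.isPresent())
            throw new IllegalArgumentException("store path and password must be set together");

        // null means "use the JVM default trust store": the server certificate is still verified.
        TrustManager[] trustManagers = null;
        if (truststorePath.isPresent())
        {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(load(truststorePath.get(), truststorePassword.get()));
            trustManagers = tmf.getTrustManagers();
        }
        // null means no key material, so the JDK's default provider offers no client certificate.
        KeyManager[] keyManagers = null;
        if (keystorePath.isPresent())
        {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(load(keystorePath.get(), keystorePassword.get()), keystorePassword.get().toCharArray());
            keyManagers = kmf.getKeyManagers();
        }
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagers, trustManagers, null); // null SecureRandom selects the platform default
        return context;
    }

    private static KeyStore load(String path, String password) throws GeneralSecurityException, IOException
    {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { store.load(in, password.toCharArray()); }
        return store;
    }
}
```

Omitting the truststore here falls back to the JVM's default trust anchors rather than disabling certificate validation, so a cluster using a private CA still needs its truststore configured.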
[jira] [Updated] (CASSANDRA-11532) CqlConfigHelper requires both truststore and keystore to work with SSL encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-11532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jeremiah Jordan updated CASSANDRA-11532:

    Status: Ready to Commit  (was: Patch Available)
[jira] [Updated] (CASSANDRA-11532) CqlConfigHelper requires both truststore and keystore to work with SSL encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-11532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacek Lewandowski updated CASSANDRA-11532:

    Attachment: CASSANDRA_11532.patch
[jira] [Updated] (CASSANDRA-11532) CqlConfigHelper requires both truststore and keystore to work with SSL encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-11532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacek Lewandowski updated CASSANDRA-11532:

    Status: Patch Available  (was: In Progress)