[jira] [Updated] (CASSANDRA-14991) SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it

2019-08-01 Thread C. Scott Andreas (JIRA) 


 [ 
https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

C. Scott Andreas updated CASSANDRA-14991:
-
   Complexity: Normal
Discovered By: User Report
 Bug Category: Parent values: Availability(12983)Level 1 values: 
Unavailable(12994)

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore 
> before loading it
> ---
>
> Key: CASSANDRA-14991
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
> Project: Cassandra
>  Issue Type: Bug
>  Components: Feature/Encryption
>Reporter: Dinesh Joshi
>Assignee: Dinesh Joshi
>Priority: Normal
>  Labels: security
> Fix For: 4.0
>
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid. 
> However, a corrupt store or a password mismatch can cause Cassandra to fail 
> accepting new connections as we throw away the old {{SslContext}}. This patch 
> will ensure that we check the sanity of the certificates during startup and 
> during hot reloading. This should protect against bad key/trust stores. As 
> part of this PR, I have cleaned up the code a bit.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Updated] (CASSANDRA-14991) SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it

2019-02-08 Thread Ariel Weisberg (JIRA) 


 [ 
https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ariel Weisberg updated CASSANDRA-14991:
---
Resolution: Fixed
Status: Resolved  (was: Ready to Commit)

Committed as 
[367cdc95514d4550db57054c90fb794fc29179d1|https://github.com/apache/cassandra/commit/367cdc95514d4550db57054c90fb794fc29179d1].
 Thanks!

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore 
> before loading it
> ---
>
> Key: CASSANDRA-14991
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
> Project: Cassandra
>  Issue Type: Bug
>  Components: Feature/Encryption
>Reporter: Dinesh Joshi
>Assignee: Dinesh Joshi
>Priority: Major
>  Labels: security
> Fix For: 4.0
>
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid. 
> However, a corrupt store or a password mismatch can cause Cassandra to fail 
> accepting new connections as we throw away the old {{SslContext}}. This patch 
> will ensure that we check the sanity of the certificates during startup and 
> during hot reloading. This should protect against bad key/trust stores. As 
> part of this PR, I have cleaned up the code a bit.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Updated] (CASSANDRA-14991) SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it

2019-01-31 Thread Ariel Weisberg (JIRA) 


 [ 
https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ariel Weisberg updated CASSANDRA-14991:
---
Status: Ready to Commit  (was: Patch Available)

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore 
> before loading it
> ---
>
> Key: CASSANDRA-14991
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
> Project: Cassandra
>  Issue Type: Bug
>  Components: Feature/Encryption
>Reporter: Dinesh Joshi
>Assignee: Dinesh Joshi
>Priority: Major
>  Labels: security
> Fix For: 4.0
>
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid. 
> However, a corrupt store or a password mismatch can cause Cassandra to fail 
> accepting new connections as we throw away the old {{SslContext}}. This patch 
> will ensure that we check the sanity of the certificates during startup and 
> during hot reloading. This should protect against bad key/trust stores. As 
> part of this PR, I have cleaned up the code a bit.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Updated] (CASSANDRA-14991) SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it

2019-01-18 Thread Dinesh Joshi (JIRA) 


 [ 
https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dinesh Joshi updated CASSANDRA-14991:
-
Fix Version/s: 4.0
   Status: Patch Available  (was: Open)

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore 
> before loading it
> ---
>
> Key: CASSANDRA-14991
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
> Project: Cassandra
>  Issue Type: Bug
>  Components: Feature/Encryption
>Reporter: Dinesh Joshi
>Assignee: Dinesh Joshi
>Priority: Major
>  Labels: security
> Fix For: 4.0
>
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid. 
> However, a corrupt store or a password mismatch can cause Cassandra to fail 
> accepting new connections as we throw away the old {{SslContext}}. This patch 
> will ensure that we check the sanity of the certificates during startup and 
> during hot reloading. This should protect against bad key/trust stores. As 
> part of this PR, I have cleaned up the code a bit.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Updated] (CASSANDRA-14991) SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it

2019-01-18 Thread Ariel Weisberg (JIRA) 


 [ 
https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ariel Weisberg updated CASSANDRA-14991:
---
Reviewers: Ariel Weisberg
 Reviewer: Ariel Weisberg

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore 
> before loading it
> ---
>
> Key: CASSANDRA-14991
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
> Project: Cassandra
>  Issue Type: Bug
>  Components: Feature/Encryption
>Reporter: Dinesh Joshi
>Assignee: Dinesh Joshi
>Priority: Major
>  Labels: security
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid. 
> However, a corrupt store or a password mismatch can cause Cassandra to fail 
> accepting new connections as we throw away the old {{SslContext}}. This patch 
> will ensure that we check the sanity of the certificates during startup and 
> during hot reloading. This should protect against bad key/trust stores. As 
> part of this PR, I have cleaned up the code a bit.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Updated] (CASSANDRA-14991) SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it

2019-01-18 Thread Dinesh Joshi (JIRA) 


 [ 
https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dinesh Joshi updated CASSANDRA-14991:
-
Description: SSL Cert Hot Reloading assumes that the keystore & truststore 
are valid. However, a corrupt store or a password mismatch can cause Cassandra 
to fail accepting new connections as we throw away the old {{SslContext}}. This 
patch will ensure that we check the sanity of the certificates during startup 
and during hot reloading. This should protect against bad key/trust stores. As 
part of this PR, I have cleaned up the code a bit.  (was: SSL Cert Hot 
Reloading assumes that the keystore & truststore are valid. However, a corrupt 
store or a password mismatch can cause Cassandra to fail accepting new 
connections as we throw away the old {{SslContext}}. This patch will ensure 
that we check the sanity of the certificates during startup and during hot 
reloading. This should protect against bad key/trust stores.)

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore 
> before loading it
> ---
>
> Key: CASSANDRA-14991
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
> Project: Cassandra
>  Issue Type: Bug
>  Components: Feature/Encryption
>Reporter: Dinesh Joshi
>Assignee: Dinesh Joshi
>Priority: Major
>  Labels: security
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid. 
> However, a corrupt store or a password mismatch can cause Cassandra to fail 
> accepting new connections as we throw away the old {{SslContext}}. This patch 
> will ensure that we check the sanity of the certificates during startup and 
> during hot reloading. This should protect against bad key/trust stores. As 
> part of this PR, I have cleaned up the code a bit.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org