[jira] [Updated] (CASSANDRA-14991) SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it
[ https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

C. Scott Andreas updated CASSANDRA-14991:
---
Complexity: Normal
Discovered By: User Report
Bug Category: Parent values: Availability(12983)Level 1 values: Unavailable(12994)

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore
> before loading it
> ---
>
> Key: CASSANDRA-14991
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Encryption
> Reporter: Dinesh Joshi
> Assignee: Dinesh Joshi
> Priority: Normal
> Labels: security
> Fix For: 4.0
>
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid.
> However, a corrupt store or a password mismatch can cause Cassandra to fail
> accepting new connections as we throw away the old {{SslContext}}. This patch
> will ensure that we check the sanity of the certificates during startup and
> during hot reloading. This should protect against bad key/trust stores. As
> part of this PR, I have cleaned up the code a bit.

--
This message was sent by Atlassian JIRA (v7.6.14#76016)

To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Updated] (CASSANDRA-14991) SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it
[ https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ariel Weisberg updated CASSANDRA-14991:
---
Resolution: Fixed
Status: Resolved (was: Ready to Commit)

Committed as [367cdc95514d4550db57054c90fb794fc29179d1|https://github.com/apache/cassandra/commit/367cdc95514d4550db57054c90fb794fc29179d1]. Thanks!

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore
> before loading it
> ---
>
> Key: CASSANDRA-14991
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Encryption
> Reporter: Dinesh Joshi
> Assignee: Dinesh Joshi
> Priority: Major
> Labels: security
> Fix For: 4.0
>
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid.
> However, a corrupt store or a password mismatch can cause Cassandra to fail
> accepting new connections as we throw away the old {{SslContext}}. This patch
> will ensure that we check the sanity of the certificates during startup and
> during hot reloading. This should protect against bad key/trust stores. As
> part of this PR, I have cleaned up the code a bit.
[jira] [Updated] (CASSANDRA-14991) SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it
[ https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ariel Weisberg updated CASSANDRA-14991:
---
Status: Ready to Commit (was: Patch Available)

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore
> before loading it
> ---
>
> Key: CASSANDRA-14991
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Encryption
> Reporter: Dinesh Joshi
> Assignee: Dinesh Joshi
> Priority: Major
> Labels: security
> Fix For: 4.0
>
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid.
> However, a corrupt store or a password mismatch can cause Cassandra to fail
> accepting new connections as we throw away the old {{SslContext}}. This patch
> will ensure that we check the sanity of the certificates during startup and
> during hot reloading. This should protect against bad key/trust stores. As
> part of this PR, I have cleaned up the code a bit.
[jira] [Updated] (CASSANDRA-14991) SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it
[ https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dinesh Joshi updated CASSANDRA-14991:
---
Fix Version/s: 4.0
Status: Patch Available (was: Open)

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore
> before loading it
> ---
>
> Key: CASSANDRA-14991
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Encryption
> Reporter: Dinesh Joshi
> Assignee: Dinesh Joshi
> Priority: Major
> Labels: security
> Fix For: 4.0
>
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid.
> However, a corrupt store or a password mismatch can cause Cassandra to fail
> accepting new connections as we throw away the old {{SslContext}}. This patch
> will ensure that we check the sanity of the certificates during startup and
> during hot reloading. This should protect against bad key/trust stores. As
> part of this PR, I have cleaned up the code a bit.
[jira] [Updated] (CASSANDRA-14991) SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it
[ https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ariel Weisberg updated CASSANDRA-14991:
---
Reviewers: Ariel Weisberg
Reviewer: Ariel Weisberg

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore
> before loading it
> ---
>
> Key: CASSANDRA-14991
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Encryption
> Reporter: Dinesh Joshi
> Assignee: Dinesh Joshi
> Priority: Major
> Labels: security
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid.
> However, a corrupt store or a password mismatch can cause Cassandra to fail
> accepting new connections as we throw away the old {{SslContext}}. This patch
> will ensure that we check the sanity of the certificates during startup and
> during hot reloading. This should protect against bad key/trust stores. As
> part of this PR, I have cleaned up the code a bit.
[jira] [Updated] (CASSANDRA-14991) SSL Cert Hot Reloading should check for sanity of the new keystore/truststore before loading it
[ https://issues.apache.org/jira/browse/CASSANDRA-14991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dinesh Joshi updated CASSANDRA-14991:
---
Description: SSL Cert Hot Reloading assumes that the keystore & truststore are valid. However, a corrupt store or a password mismatch can cause Cassandra to fail accepting new connections as we throw away the old {{SslContext}}. This patch will ensure that we check the sanity of the certificates during startup and during hot reloading. This should protect against bad key/trust stores. As part of this PR, I have cleaned up the code a bit.

(was: SSL Cert Hot Reloading assumes that the keystore & truststore are valid. However, a corrupt store or a password mismatch can cause Cassandra to fail accepting new connections as we throw away the old {{SslContext}}. This patch will ensure that we check the sanity of the certificates during startup and during hot reloading. This should protect against bad key/trust stores.)

> SSL Cert Hot Reloading should check for sanity of the new keystore/truststore
> before loading it
> ---
>
> Key: CASSANDRA-14991
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14991
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Encryption
> Reporter: Dinesh Joshi
> Assignee: Dinesh Joshi
> Priority: Major
> Labels: security
>
> SSL Cert Hot Reloading assumes that the keystore & truststore are valid.
> However, a corrupt store or a password mismatch can cause Cassandra to fail
> accepting new connections as we throw away the old {{SslContext}}. This patch
> will ensure that we check the sanity of the certificates during startup and
> during hot reloading. This should protect against bad key/trust stores. As
> part of this PR, I have cleaned up the code a bit.
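
The validate-then-swap behaviour the issue description asks for, as an added example (not Cassandra's code and not the committed patch): the candidate stores are parsed and a complete JDK `SSLContext` is built before the reference used for new connections is replaced. The class and method names, the PKCS12 store type and the in-memory sample stores are assumptions made for illustration.

```java
import java.io.*;
import java.security.KeyStore;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.*;

public class ValidatedReload {
    // Context handed to new connections; replaced only by a fully built successor.
    static final AtomicReference<SSLContext> current = new AtomicReference<>();

    // Parses a candidate store; throws on corrupt bytes or a password mismatch.
    static KeyStore open(byte[] bytes, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        store.load(new ByteArrayInputStream(bytes), password);
        return store;
    }

    // Builds the complete candidate first and swaps only if every step succeeded.
    static boolean reload(byte[] keystore, byte[] truststore, char[] password) {
        try {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(open(keystore, password), password);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(open(truststore, password));
            SSLContext candidate = SSLContext.getInstance("TLS");
            candidate.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            current.set(candidate);
            return true;
        } catch (Exception e) {
            System.err.println("reload rejected, keeping previous SSLContext: " + e);
            return false;
        }
    }

    // Constructed sample input: an empty but well-formed PKCS12 store.
    static byte[] sampleStore(char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        store.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        store.store(out, password);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();
        byte[] good = sampleStore(pw);
        System.out.println("initial load: " + reload(good, good, pw));
        SSLContext before = current.get();
        System.out.println("corrupt store: " + reload(new byte[] {1, 2, 3}, good, pw));
        System.out.println("wrong password: " + reload(good, good, "other".toCharArray()));
        System.out.println("old context kept: " + (current.get() == before));
    }
}
```

A production check would also confirm that the key store contains a usable key entry and that its certificates are within their validity period, which an empty sample store cannot show.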